General
-
Target
5707DDADA5B7EA6BEF434CD294FA12E1.exe
-
Size
1.3MB
-
Sample
210815-9ha784hdpe
-
MD5
5707ddada5b7ea6bef434cd294fa12e1
-
SHA1
45bb285a597b30e100ed4b15d96a29d718697e5e
-
SHA256
85205aa3ad824b5172d5da841d253c3a54aff5d00eb2c208029e9453008f132c
-
SHA512
91cbdbf8da7e4e34de45a99359bdc321a66d6646ed14a1042346824c8daa6237281eff3b00fd162009c5e3204e5a7cd3b944f05e18b7f9066d0f9dd16b56bf13
Malware Config
Extracted
raccoon
471c70de3b4f9e4d493e418d1f60a90659057de0
-
url4cnc
https://telete.in/p1rosto100xx
Targets
-
-
Target
5707DDADA5B7EA6BEF434CD294FA12E1.exe
-
Size
1.3MB
-
MD5
5707ddada5b7ea6bef434cd294fa12e1
-
SHA1
45bb285a597b30e100ed4b15d96a29d718697e5e
-
SHA256
85205aa3ad824b5172d5da841d253c3a54aff5d00eb2c208029e9453008f132c
-
SHA512
91cbdbf8da7e4e34de45a99359bdc321a66d6646ed14a1042346824c8daa6237281eff3b00fd162009c5e3204e5a7cd3b944f05e18b7f9066d0f9dd16b56bf13
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-