General
-
Target
3959bdfe85274a87a4d900a3e659033a7aa49f03a3be63635559d8e1ad3d4d4e
-
Size
523KB
-
Sample
210907-w5gthagdan
-
MD5
40fb47bb6dc56946beaa2776c11aca28
-
SHA1
330e776bbbb8e48d50a2652e9ed77d20675f8c9b
-
SHA256
3959bdfe85274a87a4d900a3e659033a7aa49f03a3be63635559d8e1ad3d4d4e
-
SHA512
f6f323ac7e10fc933112460321964b3442315c3fe4f9b5f2b833df6d8206a878421905ec94dc3d34c813386b36b32579f4324d6188e060c50adeb0123f6b30f8
Malware Config
Extracted
raccoon
93d3ccba4a3cbd5e268873fc1760b2335272e198
-
url4cnc
https://telete.in/opa4kiprivatem
Targets
-
-
Target
3959bdfe85274a87a4d900a3e659033a7aa49f03a3be63635559d8e1ad3d4d4e
-
Size
523KB
-
MD5
40fb47bb6dc56946beaa2776c11aca28
-
SHA1
330e776bbbb8e48d50a2652e9ed77d20675f8c9b
-
SHA256
3959bdfe85274a87a4d900a3e659033a7aa49f03a3be63635559d8e1ad3d4d4e
-
SHA512
f6f323ac7e10fc933112460321964b3442315c3fe4f9b5f2b833df6d8206a878421905ec94dc3d34c813386b36b32579f4324d6188e060c50adeb0123f6b30f8
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-