General
-
Target
a5a2fc05ae169c31782a7c6f12e9a8c6.exe
-
Size
515KB
-
Sample
210921-l22pdsbgan
-
MD5
a5a2fc05ae169c31782a7c6f12e9a8c6
-
SHA1
1ce3fbd2917674ac377fa5f86685e47896692178
-
SHA256
35076221cd82da4a80f492b3a903b0c340ccc76725570ba41f9995c74c0bb485
-
SHA512
1069664f11cdb9e94550c8a8764e23ced6e6d3a1b79674de1c09c78b82b7c26312b364c59c041a4a342337bfc30fa2d35635b988657683eb0f6a25ba44c2474a
Malware Config
Extracted
raccoon
a16e26e8e3bbf05aad922e6691134b0795801b32
-
url4cnc
https://telete.in/jjbadb0y
Targets
-
-
Target
a5a2fc05ae169c31782a7c6f12e9a8c6.exe
-
Size
515KB
-
MD5
a5a2fc05ae169c31782a7c6f12e9a8c6
-
SHA1
1ce3fbd2917674ac377fa5f86685e47896692178
-
SHA256
35076221cd82da4a80f492b3a903b0c340ccc76725570ba41f9995c74c0bb485
-
SHA512
1069664f11cdb9e94550c8a8764e23ced6e6d3a1b79674de1c09c78b82b7c26312b364c59c041a4a342337bfc30fa2d35635b988657683eb0f6a25ba44c2474a
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-