General
-
Target
7b89285becb792aa7de15c07335eb60125ad03bd8dd31392ec8ce16f05df356b
-
Size
430KB
-
Sample
210926-mdarfaefbl
-
MD5
1979d55bfa39f1536c469953a2643862
-
SHA1
1f5e283317b90df4a88a53342f7edac1ae1cc89d
-
SHA256
7b89285becb792aa7de15c07335eb60125ad03bd8dd31392ec8ce16f05df356b
-
SHA512
c4b3c71e1c034ac0441b0f2acc5b92cf900fcc89590f1a6c4bcd7795b64cf27789d71fa25742c01cc3d067ff69124700730a785785273aad7c66b27d4a5dbe85
Malware Config
Extracted
raccoon
f6d7183c9e82d2a9b81e6c0608450aa66cefb51f
-
url4cnc
https://t.me/justoprostohello
Targets
-
-
Target
7b89285becb792aa7de15c07335eb60125ad03bd8dd31392ec8ce16f05df356b
-
Size
430KB
-
MD5
1979d55bfa39f1536c469953a2643862
-
SHA1
1f5e283317b90df4a88a53342f7edac1ae1cc89d
-
SHA256
7b89285becb792aa7de15c07335eb60125ad03bd8dd31392ec8ce16f05df356b
-
SHA512
c4b3c71e1c034ac0441b0f2acc5b92cf900fcc89590f1a6c4bcd7795b64cf27789d71fa25742c01cc3d067ff69124700730a785785273aad7c66b27d4a5dbe85
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
-
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-