General
-
Target
b178ddb0e5a5d3bc285ac8ef18f5d46c2e706780b7e2a656d697352a99cbfc60
-
Size
483KB
-
Sample
210926-q49v1aehe8
-
MD5
ad8256f849a0c2ada2e9ec9dd92e0386
-
SHA1
803dd9c1b684acbf48cde429ec7833c0f0d1d62d
-
SHA256
b178ddb0e5a5d3bc285ac8ef18f5d46c2e706780b7e2a656d697352a99cbfc60
-
SHA512
08dc0ef75305ee85500504888fc3289e3532148e9135dcc4a8ddea7851d668d8cf625126c0ba0f011dce9ac498152d1af92cfa67b13c2c31cbe69e5c995b7e5a
Malware Config
Extracted
raccoon
f6d7183c9e82d2a9b81e6c0608450aa66cefb51f
-
url4cnc
https://t.me/justoprostohello
Targets
-
-
Target
b178ddb0e5a5d3bc285ac8ef18f5d46c2e706780b7e2a656d697352a99cbfc60
-
Size
483KB
-
MD5
ad8256f849a0c2ada2e9ec9dd92e0386
-
SHA1
803dd9c1b684acbf48cde429ec7833c0f0d1d62d
-
SHA256
b178ddb0e5a5d3bc285ac8ef18f5d46c2e706780b7e2a656d697352a99cbfc60
-
SHA512
08dc0ef75305ee85500504888fc3289e3532148e9135dcc4a8ddea7851d668d8cf625126c0ba0f011dce9ac498152d1af92cfa67b13c2c31cbe69e5c995b7e5a
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-