General
-
Target
596c446e96d473c5d6c4f8f1381253b4.exe
-
Size
419KB
-
Sample
210926-vln8ssfbe8
-
MD5
596c446e96d473c5d6c4f8f1381253b4
-
SHA1
17dabe79faa58085af7f37cb89f9d48ea579334b
-
SHA256
7afac1e8bef468f01d95afdd0e2f03d86d98bb3143d67faa4b4c172ac82d099b
-
SHA512
2c37e2bb4575a0521a309539d75eee7d97916dabf2e3a606aa177aee6c7dd3bfcb70a86b7ce67ee0cd970e27745b09c00e104237b706d545af046b13f13db069
Malware Config
Extracted
raccoon
5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
-
url4cnc
https://t.me/agrybirdsgamerept
Targets
-
-
Target
596c446e96d473c5d6c4f8f1381253b4.exe
-
Size
419KB
-
MD5
596c446e96d473c5d6c4f8f1381253b4
-
SHA1
17dabe79faa58085af7f37cb89f9d48ea579334b
-
SHA256
7afac1e8bef468f01d95afdd0e2f03d86d98bb3143d67faa4b4c172ac82d099b
-
SHA512
2c37e2bb4575a0521a309539d75eee7d97916dabf2e3a606aa177aee6c7dd3bfcb70a86b7ce67ee0cd970e27745b09c00e104237b706d545af046b13f13db069
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-