General
-
Target
d0544cfa549e6317d6df6b06e592e28a4bccf7053af2c9065c57f5e9a405319f
-
Size
419KB
-
Sample
210926-wbrrlsfbg7
-
MD5
c5cc5b1310d6d80729bae8470bf08007
-
SHA1
8bf939f631618c51b81cce4d93ddcff7382c6d18
-
SHA256
d0544cfa549e6317d6df6b06e592e28a4bccf7053af2c9065c57f5e9a405319f
-
SHA512
7886d2ad8a6c32c5ef5883eb6d81e928459d58c41ba551c502054e2b9211d12a3b285c8e661c9670cefc176795073fad77c58deae747be3970c2d3ce1829355c
Malware Config
Extracted
raccoon
5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
-
url4cnc
https://t.me/agrybirdsgamerept
Targets
-
-
Target
d0544cfa549e6317d6df6b06e592e28a4bccf7053af2c9065c57f5e9a405319f
-
Size
419KB
-
MD5
c5cc5b1310d6d80729bae8470bf08007
-
SHA1
8bf939f631618c51b81cce4d93ddcff7382c6d18
-
SHA256
d0544cfa549e6317d6df6b06e592e28a4bccf7053af2c9065c57f5e9a405319f
-
SHA512
7886d2ad8a6c32c5ef5883eb6d81e928459d58c41ba551c502054e2b9211d12a3b285c8e661c9670cefc176795073fad77c58deae747be3970c2d3ce1829355c
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-