General
-
Target
c745a1556271a4493970aeab8ec379756cd938709ae1a0abaadf20ad0ddc9aee
-
Size
419KB
-
Sample
210926-yxsxxafcf7
-
MD5
8e314bedbae96da919e2a217a8840ffa
-
SHA1
71403914c41101e49afedf0d4134b3c39ead178b
-
SHA256
c745a1556271a4493970aeab8ec379756cd938709ae1a0abaadf20ad0ddc9aee
-
SHA512
a8baeb7b8576fe80bea54dab5827ab4275e37323096278e4adeb3added78b61d477bc9e0a847ed15afb52e5986b8a3891fbc86af8b45fa2e6284804445357b09
Malware Config
Extracted
raccoon
5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
-
url4cnc
https://t.me/agrybirdsgamerept
Targets
-
-
Target
c745a1556271a4493970aeab8ec379756cd938709ae1a0abaadf20ad0ddc9aee
-
Size
419KB
-
MD5
8e314bedbae96da919e2a217a8840ffa
-
SHA1
71403914c41101e49afedf0d4134b3c39ead178b
-
SHA256
c745a1556271a4493970aeab8ec379756cd938709ae1a0abaadf20ad0ddc9aee
-
SHA512
a8baeb7b8576fe80bea54dab5827ab4275e37323096278e4adeb3added78b61d477bc9e0a847ed15afb52e5986b8a3891fbc86af8b45fa2e6284804445357b09
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-