General
-
Target
472d75f197ae9ba6b4330fcbbc920730bbad73410bb581a3c843b206e85c2f48
-
Size
420KB
-
Sample
210927-bfhz2sfeb2
-
MD5
7775870f29b664c83ad48126d4efe691
-
SHA1
d2b1dfcdc4a6815bab7484b27332be128840a686
-
SHA256
472d75f197ae9ba6b4330fcbbc920730bbad73410bb581a3c843b206e85c2f48
-
SHA512
03d6e4760826fc9d8a98f2f21aa914a64dfecd862f232b8222f13b924ff670cbbe49320a5d9d06fe288926350bab7e0c0b299bfa9ec544df8ab8d1f2b2f59336
Malware Config
Extracted
raccoon
5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
-
url4cnc
https://t.me/agrybirdsgamerept
Targets
-
-
Target
472d75f197ae9ba6b4330fcbbc920730bbad73410bb581a3c843b206e85c2f48
-
Size
420KB
-
MD5
7775870f29b664c83ad48126d4efe691
-
SHA1
d2b1dfcdc4a6815bab7484b27332be128840a686
-
SHA256
472d75f197ae9ba6b4330fcbbc920730bbad73410bb581a3c843b206e85c2f48
-
SHA512
03d6e4760826fc9d8a98f2f21aa914a64dfecd862f232b8222f13b924ff670cbbe49320a5d9d06fe288926350bab7e0c0b299bfa9ec544df8ab8d1f2b2f59336
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-