General
-
Target
d8dfa25267fb49dce33a59ca96eb25faf466d0a1842b3f71ff929b3cf1996e35
-
Size
567KB
-
Sample
211001-naxbpsbfd2
-
MD5
441491c04afd3e5cbc13e8fe46acc945
-
SHA1
fa809275e44448e2f3b7af9e5ae6e3f9a80fd647
-
SHA256
d8dfa25267fb49dce33a59ca96eb25faf466d0a1842b3f71ff929b3cf1996e35
-
SHA512
f639573acdede0bc8d158523a0561c238eba0bd14b124a5c981ffa9bb63fe89b215e66f39a9e654733e75bc8b3e3e55103d36aed3960d98cfc9f32c27af70051
Malware Config
Extracted
raccoon
f6d7183c9e82d2a9b81e6c0608450aa66cefb51f
-
url4cnc
https://t.me/justoprostohello
Targets
-
-
Target
d8dfa25267fb49dce33a59ca96eb25faf466d0a1842b3f71ff929b3cf1996e35
-
Size
567KB
-
MD5
441491c04afd3e5cbc13e8fe46acc945
-
SHA1
fa809275e44448e2f3b7af9e5ae6e3f9a80fd647
-
SHA256
d8dfa25267fb49dce33a59ca96eb25faf466d0a1842b3f71ff929b3cf1996e35
-
SHA512
f639573acdede0bc8d158523a0561c238eba0bd14b124a5c981ffa9bb63fe89b215e66f39a9e654733e75bc8b3e3e55103d36aed3960d98cfc9f32c27af70051
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-