General
-
Target
c792a79219ef722a7b0f45b0c59beea8
-
Size
545KB
-
Sample
211001-y5jzzadcdp
-
MD5
c792a79219ef722a7b0f45b0c59beea8
-
SHA1
8d06d36168c7147655b54ef43c525bf25916073c
-
SHA256
25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1
-
SHA512
db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19
Malware Config
Extracted
raccoon
1.8.2
1ec902112b48b86eaf116e67218e531d05852427
-
url4cnc
http://teletop.top/papatikmikr0
http://teleta.top/papatikmikr0
https://t.me/papatikmikr0
Targets
-
-
Target
c792a79219ef722a7b0f45b0c59beea8
-
Size
545KB
-
MD5
c792a79219ef722a7b0f45b0c59beea8
-
SHA1
8d06d36168c7147655b54ef43c525bf25916073c
-
SHA256
25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1
-
SHA512
db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
-
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-