General
-
Target
b7dcde8a31762b888829a11042a2c32e7be2b9c36e66940c0722ee2d06408e22
-
Size
22.5MB
-
Sample
220417-rl5zrsffhn
-
MD5
d2e3482bceae99d90f377a1dea6172bd
-
SHA1
a71e51b36f71d0d44e84b7582995af8488a1229e
-
SHA256
b7dcde8a31762b888829a11042a2c32e7be2b9c36e66940c0722ee2d06408e22
-
SHA512
67c71f6ad55882337796df9ecf042f3c8b74d6e6cff92f73479d572e47cc8a6960da01a35a81565a3f54a6acd9a1d7a1f3321a713d3da6b381d45faf648c0138
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
b7dcde8a31762b888829a11042a2c32e7be2b9c36e66940c0722ee2d06408e22
-
Size
22.5MB
-
MD5
d2e3482bceae99d90f377a1dea6172bd
-
SHA1
a71e51b36f71d0d44e84b7582995af8488a1229e
-
SHA256
b7dcde8a31762b888829a11042a2c32e7be2b9c36e66940c0722ee2d06408e22
-
SHA512
67c71f6ad55882337796df9ecf042f3c8b74d6e6cff92f73479d572e47cc8a6960da01a35a81565a3f54a6acd9a1d7a1f3321a713d3da6b381d45faf648c0138
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-