General
-
Target
edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
-
Size
11.9MB
-
Sample
220511-28zflsfccm
-
MD5
4ac4214a42739aef3f3e5ecfd1cd004d
-
SHA1
2074454003c869acb06f9e9679572f414ff26cf9
-
SHA256
edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
-
SHA512
81bdf5936dcc6dbbdab2d7994647a384fe33209bc222be400f69058563ac1dfcd546df89e4f0e9c6408e695becaf6213fa5529e44c04116567d846e634de78a8
Malware Config
Extracted
raccoon
0608c0879c6ecd26ffcf8015f83216c8a225fc46
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
-
Size
11.9MB
-
MD5
4ac4214a42739aef3f3e5ecfd1cd004d
-
SHA1
2074454003c869acb06f9e9679572f414ff26cf9
-
SHA256
edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
-
SHA512
81bdf5936dcc6dbbdab2d7994647a384fe33209bc222be400f69058563ac1dfcd546df89e4f0e9c6408e695becaf6213fa5529e44c04116567d846e634de78a8
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-