General
-
Target
c29a42ae9f3a44e8b7358e9b8fcd46e5.exe
-
Size
6.9MB
-
Sample
220714-g4ev7acge9
-
MD5
c29a42ae9f3a44e8b7358e9b8fcd46e5
-
SHA1
cf15043518df3306562dee1fa5fb3eb4bb1a06e4
-
SHA256
08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181
-
SHA512
34ae6ec1618410f093940bf03312846110f51cfb0a33e5c2c6555b3710cef145b2a6936e3d4fb9d1b4651d1442b6667bf4d8f8dec058763d396f5913e8b1071c
Malware Config
Extracted
raccoon
6f692affee3c8a5176ffa56f904dcc3e
http://51.195.166.175/
Targets
-
-
Target
c29a42ae9f3a44e8b7358e9b8fcd46e5.exe
-
Size
6.9MB
-
MD5
c29a42ae9f3a44e8b7358e9b8fcd46e5
-
SHA1
cf15043518df3306562dee1fa5fb3eb4bb1a06e4
-
SHA256
08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181
-
SHA512
34ae6ec1618410f093940bf03312846110f51cfb0a33e5c2c6555b3710cef145b2a6936e3d4fb9d1b4651d1442b6667bf4d8f8dec058763d396f5913e8b1071c
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-