Extracted

• • Target

    d8392e4d42d9a1c91e08ba2ed4bdd3cc

  • Size

    321KB

  • MD5

    d8392e4d42d9a1c91e08ba2ed4bdd3cc

  • SHA1

    49db632eccf7593fb97f86457ee80876f9c0c89c

  • SHA256

    7491a8a4866c578d50f6c0ae8addf97f40ecdf643d2c303b674dfe0dc36ebc13

  • SHA512

    4bec5a61aeec62b41aff6ddce7e2b20dc48c28373d152d9844cc81a1621cfc44922b999b5c3e405e0cc49a5729f7a91a2bfa9a6f8c84a8b9d45d87d6dd72602a

  Score

  10^/10

  raccoona8c486c1f260c54743b98aa52cbafd02discoveryspywarestealersuricata

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Raccoon Stealer payload

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2