Extracted

• • Target

    TheOpen_140722.cps.exe

  • Size

    727.0MB

  • MD5

    64aa9224501a97e1f7b6b31699f88672

  • SHA1

    860076aba5d2deead5fef7624a40695696d0d557

  • SHA256

    47ae4849947cdf79d6a431009a8a76fc6d2c2ae94cc1a705b61248b9842afa31

  • SHA512

    862001380b7ffc8e169dbbc5515fc8d279d3258b03cbc064e2a0abf91edc8b25d11f15af7aa82fb603c3b0c7cebe740d238d51a11dbe521a4b177cac078fab0e

  Score

  10^/10

  raccoon54641d75d5de0fc850ef2098e881f4d8discoveryspywarestealerpersistencesuricata

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Raccoon Stealer payload

  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2