General
-
Target
44d537a1177052bda245325ade50bc0c.exe
-
Size
1.7MB
-
Sample
220829-x552rsdhbm
-
MD5
44d537a1177052bda245325ade50bc0c
-
SHA1
30e0f857a99fb9dbae1089d27b5b93684f27db40
-
SHA256
36bd02986dce2eed41c7de5ba2fad40054dc7c3afa853837eca3e5aec8c97cd0
-
SHA512
d370cdbd0f8197a24bb8664ab99058424bcf0ca251cb0b363fc8964f19ba81d7dedad9777f04a09e11d319573d4b7d51534379a335b6cf4f6650aa0ab84468be
-
SSDEEP
24576:cErC3wTvofxmxKvKwjUWlq5Qmt1GZ5Ucq1DmE8ctw/idkxChx4Q:HrcagfxWvv59bGz8mEq/iWxChxd
Malware Config
Extracted
raccoon
94476028cb01373a9a79593d7fce091e
http://185.225.17.198
Targets
-
-
Target
44d537a1177052bda245325ade50bc0c.exe
-
Size
1.7MB
-
MD5
44d537a1177052bda245325ade50bc0c
-
SHA1
30e0f857a99fb9dbae1089d27b5b93684f27db40
-
SHA256
36bd02986dce2eed41c7de5ba2fad40054dc7c3afa853837eca3e5aec8c97cd0
-
SHA512
d370cdbd0f8197a24bb8664ab99058424bcf0ca251cb0b363fc8964f19ba81d7dedad9777f04a09e11d319573d4b7d51534379a335b6cf4f6650aa0ab84468be
-
SSDEEP
24576:cErC3wTvofxmxKvKwjUWlq5Qmt1GZ5Ucq1DmE8ctw/idkxChx4Q:HrcagfxWvv59bGz8mEq/iWxChxd
Score10/10-
Modifies security service
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-