Extracted

• • Target

    Installer.exe

  • Size

    1000KB

  • MD5

    6ffb07e3414cd88275cd4c3b8bbe7b5e

  • SHA1

    0b5f524c0478d84860d16c786358ebda166a5ee1

  • SHA256

    f93521d653a724f562be130f117f3e7ee1b87eeab357f3c5695812a4a9ea73a5

  • SHA512

    ec9f389f258b2553b52c68ea602c55aacd0d1ed052b17d63b7ca5324b2bccfab97e843d540baea9628f15dc9a798b58512218921373f535815093351f2388885

  • SSDEEP

    12288:jylN+SwBxYRjRGLFA8gpO4Xspi5n/IxrcBWQzf7x:jDSw/RsWe1W4

  Score

  10^/10

  raccoonytstealer4689c837190317f8309bc798897decf7spywarestealerupxxmrigminerpersistence

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2