Extracted

Extracted

• • Target

    39a1f23b47f11d5b3e691fdf901aafea.exe

  • Size

    862KB

  • MD5

    39a1f23b47f11d5b3e691fdf901aafea

  • SHA1

    cc97907047c8b80321a33630195aa34c9984eeb5

  • SHA256

    428b820b1ffe34eb41bb4ff1909f299b90df21e5b41052b0bd283c212f64fef2

  • SHA512

    3057c1eaea2e482da6e9b3502ce289ca22bd396fb44fd18a484532472fca24c52c1bde043f5b9e32fe832ba93138f8c0e2295c94d766d9f70822e896846df9c8

  • SSDEEP

    12288:Llrs2RbKAlpWE8HS/DmCMJmoA9cDRUkmgc8Wv1tF:ZrUuoE8HCDmNA9cDRUkmgrWv1tF

  Score

  10^/10

  raccoonredlinec7ede4e1d38311f89345e94d76fa9d65infostealerspywarestealerxmrigytstealerdiscoveryminerpersistenceupx

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2