Extracted

• • Target

    ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6

  • Size

    153KB

  • MD5

    04d1bc35237a7b8f9e38243a268d22c0

  • SHA1

    f368a73c35fb7f47ac99cb693f2532730e75129d

  • SHA256

    ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6

  • SHA512

    b43fa45eec454e14eadffd59c4021d961ee4ea2a5db557d788d25a6b1a3feb7a7764bbebd64f90beac9e4213282e5d492c4d2158cc10d5872d3ac6409d52c065

  • SSDEEP

    3072:peTxD8Rwh3iTLlFjXoPkbBNop8zCtj6s6j5Kz/+zJUmaRibX9p:p+D53ivvS8+tj6J0z00ibtp

  Score

  10^/10

  raccoon654b3e7f2d409dcde795b5d2dacf4955spywarestealer

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1