Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
-
Size
386KB
-
Sample
220908-aa131adcb3
-
MD5
1b318f1b8b06927c70445fb204cde589
-
SHA1
424c22ee84b9b94efe8cd9f9d8c15a3cbfb2837b
-
SHA256
d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
-
SHA512
3c1779c3f9fc02fa43e0746b39f44755121a6a58c0cb6b9b2253b22f538aaff144955308c8580956f943ac17d62fbc9744fe730c21320eef142c11890acab2a6
-
SSDEEP
12288:p+1TAJgO0d5vgEiySZhb0sJYuVka7CpNIc3r:I1OEifHb08Xk
Malware Config
Extracted
raccoon
654b3e7f2d409dcde795b5d2dacf4955
http://46.249.58.152/
Targets
-
-
Target
d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
-
Size
386KB
-
MD5
1b318f1b8b06927c70445fb204cde589
-
SHA1
424c22ee84b9b94efe8cd9f9d8c15a3cbfb2837b
-
SHA256
d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
-
SHA512
3c1779c3f9fc02fa43e0746b39f44755121a6a58c0cb6b9b2253b22f538aaff144955308c8580956f943ac17d62fbc9744fe730c21320eef142c11890acab2a6
-
SSDEEP
12288:p+1TAJgO0d5vgEiySZhb0sJYuVka7CpNIc3r:I1OEifHb08Xk
Score10/10-
Modifies security service
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Loads dropped DLL
-
Modifies file permissions
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-