General
-
Target
c1248302f8f492e12ab14431e1a6312b37d6d16f05facdde95301cbefbc82bbb
-
Size
386KB
-
Sample
220908-elxxyaafhn
-
MD5
1fde218b1d356a7985394711a3f40aa1
-
SHA1
ea004c7042b7ea053584f11adab4319c66a21997
-
SHA256
c1248302f8f492e12ab14431e1a6312b37d6d16f05facdde95301cbefbc82bbb
-
SHA512
6f89fac29404d2eb29c8cb882f4d6c7c6963744ef4c752a6f550a787605ddd0cba4c51eac3ba741c69634c3c10262d2bcd3c7b99597b15822fb830874ba6d6cd
-
SSDEEP
12288:VO1UAJgO0d5vgEiNxWprEcCoulkXY92D:E1NEiPsrEDUY92D
Malware Config
Extracted
raccoon
654b3e7f2d409dcde795b5d2dacf4955
http://46.249.58.152/
Targets
-
-
Target
c1248302f8f492e12ab14431e1a6312b37d6d16f05facdde95301cbefbc82bbb
-
Size
386KB
-
MD5
1fde218b1d356a7985394711a3f40aa1
-
SHA1
ea004c7042b7ea053584f11adab4319c66a21997
-
SHA256
c1248302f8f492e12ab14431e1a6312b37d6d16f05facdde95301cbefbc82bbb
-
SHA512
6f89fac29404d2eb29c8cb882f4d6c7c6963744ef4c752a6f550a787605ddd0cba4c51eac3ba741c69634c3c10262d2bcd3c7b99597b15822fb830874ba6d6cd
-
SSDEEP
12288:VO1UAJgO0d5vgEiNxWprEcCoulkXY92D:E1NEiPsrEDUY92D
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Loads dropped DLL
-
Modifies file permissions
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-