General

  • Target: Drive.exe
  • Size: 291.2MB
  • Sample: 220909-srzwdacccp
  • MD5: 3934304fd91a95c31cbc1b7ba1ed39d5
  • SHA1: 0e66806bf3eaacc0f24b59bf39228b748adc5f35
  • SHA256: c3513b234e4cbd4e3ba89a0aaabb1d81bf3cda4ebdd3d58a3b44f5a855a1299d
  • SHA512: 951ce5a4d2a52e2c2ab35f9f2012e7c5cd1ba74ef980d1f728b83e9a0f3ed82fecd15c10c6958f1cd8550e7cef0a3037c972bd385c4a8c4798895f7672c04757
  • SSDEEP: 24576:HrqZX7A/ugleH++mAxqY8qCyIL5w1l2Fgx8oJpW:H0A/ugleHLlxqoJIPA8D

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 24d4dabefbaffab7ce3f7f558b0190c1
  • C2: http://206.188.196.200/
  • rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks