General
-
Target
af160d43cd94b1f161e0e70c916d97d8812e957f712ad83c390625bec55f1d2e
-
Size
304KB
-
Sample
220911-fpgkssegcp
-
MD5
313a135a49794562abc79aa597ce8bf5
-
SHA1
0e76a17a83d635aefc6d83276fc7c4ffa61e7c84
-
SHA256
af160d43cd94b1f161e0e70c916d97d8812e957f712ad83c390625bec55f1d2e
-
SHA512
3df64c749e4c6332742f1ef2e2ecedb99f5700f639959aca4cd53c9877577efe6cb80b2ad26607140d23358b3bf0445949aab9d8376799568550336abcdffac9
-
SSDEEP
6144:YvUIN/y8S6WTceX7yLs6kiuOEC7FO8OEb2JMty0mZbHsJU:Yno8SxTceX7yLuiuaObE2JMty0cbHT
Malware Config
Extracted
raccoon
567d5bff28c2a18132d2f88511f07435
http://116.203.167.5/
http://195.201.248.58/
Targets
-
-
Target
af160d43cd94b1f161e0e70c916d97d8812e957f712ad83c390625bec55f1d2e
-
Size
304KB
-
MD5
313a135a49794562abc79aa597ce8bf5
-
SHA1
0e76a17a83d635aefc6d83276fc7c4ffa61e7c84
-
SHA256
af160d43cd94b1f161e0e70c916d97d8812e957f712ad83c390625bec55f1d2e
-
SHA512
3df64c749e4c6332742f1ef2e2ecedb99f5700f639959aca4cd53c9877577efe6cb80b2ad26607140d23358b3bf0445949aab9d8376799568550336abcdffac9
-
SSDEEP
6144:YvUIN/y8S6WTceX7yLs6kiuOEC7FO8OEb2JMty0mZbHsJU:Yno8SxTceX7yLuiuaObE2JMty0cbHT
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-