General

  • Target

    5b66a8d8211d9d2bc3b767518897de1a.exe

  • Size

    192KB

  • Sample

    220913-lxr96afcd5

  • MD5

    5b66a8d8211d9d2bc3b767518897de1a

  • SHA1

    f3d25e1403982357a9fcbd1d9a5f9d3630dbdcab

  • SHA256

    c5ca6276e6316d413e79af507372eda03930d70d407c9a5d82cc934c4c2e8757

  • SHA512

    ad8465853b096a755cc48055650a1595db8e3e83bbab2e85e741421b274031946e5e844f922d1bf60ef34bddaff32a97e739dae0a030a1437f9f64588c6246e4

  • SSDEEP

    1536:DmOOfYt5q0TewD39Agpb6AnxNbqzoI+EbpLcInPxXWBSOQ:qRfNTu6AzooI+Ovn4rQ

Malware Config

Extracted

Family

raccoon

Botnet

a828bce8fa315d5d5f4368b51eb63131

C2

http://144.76.31.117/

rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks