Extracted

• • Target

    44cfd97818514ac0d87cf408d4cf4206.exe

  • Size

    760KB

  • MD5

    44cfd97818514ac0d87cf408d4cf4206

  • SHA1

    e00abf7a94504e85d880c10f39f35bda966fa2e3

  • SHA256

    682c3ade62e3fb1ffa961f435b33ecad12230ececfabb6d91d6f1c757ce040a6

  • SHA512

    1e1394a8c724bdf55cd081b000554ece3c3719e50859c1adab2ff4249dd1f6084193fba82d982f81761cea95ed82a25de5aea1a2f7f7d878e5756da42f3439b4

  • SSDEEP

    12288:9y1LOE0sKh3OyVkJ3zwm+mBDDGiaGKrOqEpfvYB5DNP/6iTUAgez64ehnk:QxKtOyiJ3zwmrdurOqSyDNP/LUTeBehk

  Score

  10^/10

  raccoona06ff8551042e17c9cb5099e335e8f80evasionstealertrojan

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2