General
-
Target
013d8553773f7f66f6d0e948b93b2cc9606f6a36b88aacca3600e0c1cab86f81
-
Size
2.5MB
-
Sample
221015-ywwx6sgbe7
-
MD5
ac401f8e16e4f209dd5d4e8b3cde2e37
-
SHA1
d9f2dd3bda2154346c55220bae529443b9ffd3e7
-
SHA256
013d8553773f7f66f6d0e948b93b2cc9606f6a36b88aacca3600e0c1cab86f81
-
SHA512
505e3b82d7e0850a92765a3709125e4dba8f44e82896136a2b708211e99399c52169c09073c2eb57d0ac382eb55e3cdf7a4575b185e436eaaf38aae52e37db85
-
SSDEEP
24576:7LjJ5wsOjflMYqssYSY0YCCfZMDYJY3dtZ8tZvAfKCPh/fj6LeYp2Ul3RuQ5531s:7nojWYqwdjCPh/fj6xl32
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://135.148.104.11/
http://77.73.133.7/
Targets
-
-
Target
013d8553773f7f66f6d0e948b93b2cc9606f6a36b88aacca3600e0c1cab86f81
-
Size
2.5MB
-
MD5
ac401f8e16e4f209dd5d4e8b3cde2e37
-
SHA1
d9f2dd3bda2154346c55220bae529443b9ffd3e7
-
SHA256
013d8553773f7f66f6d0e948b93b2cc9606f6a36b88aacca3600e0c1cab86f81
-
SHA512
505e3b82d7e0850a92765a3709125e4dba8f44e82896136a2b708211e99399c52169c09073c2eb57d0ac382eb55e3cdf7a4575b185e436eaaf38aae52e37db85
-
SSDEEP
24576:7LjJ5wsOjflMYqssYSY0YCCfZMDYJY3dtZ8tZvAfKCPh/fj6LeYp2Ul3RuQ5531s:7nojWYqwdjCPh/fj6xl32
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-