General
-
Target
1b7d5568856cb4d24770d1d1c5d45e522063b0218f8af763891551df06037dd9
-
Size
2.5MB
-
Sample
221016-eyfjesggbl
-
MD5
1d337f3c798dc6fc06b453566ecb6114
-
SHA1
65a5af30d0766ed67ae884280676777058ec96a6
-
SHA256
1b7d5568856cb4d24770d1d1c5d45e522063b0218f8af763891551df06037dd9
-
SHA512
4c15d958e31d957a7f8bf90813a29c24b20bcb4192dbc404d8a039df04eccd66c5b56e5f33bc069092b268c225d2bca2e3b754252328aec0392369c93b882fc8
-
SSDEEP
24576:Rn6zJ5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvE2KCDh/fj6LhYp22l3RuQ553Q:RKojWYKspMCDh/fj62l3c
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://135.148.104.11/
http://77.73.133.7/
Targets
-
-
Target
1b7d5568856cb4d24770d1d1c5d45e522063b0218f8af763891551df06037dd9
-
Size
2.5MB
-
MD5
1d337f3c798dc6fc06b453566ecb6114
-
SHA1
65a5af30d0766ed67ae884280676777058ec96a6
-
SHA256
1b7d5568856cb4d24770d1d1c5d45e522063b0218f8af763891551df06037dd9
-
SHA512
4c15d958e31d957a7f8bf90813a29c24b20bcb4192dbc404d8a039df04eccd66c5b56e5f33bc069092b268c225d2bca2e3b754252328aec0392369c93b882fc8
-
SSDEEP
24576:Rn6zJ5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvE2KCDh/fj6LhYp22l3RuQ553Q:RKojWYKspMCDh/fj62l3c
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-