General
-
Target
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
Size
2.5MB
-
Sample
221016-gv9zzahab4
-
MD5
868b8d102e5b76df02a76a6063fc963e
-
SHA1
02902b2b1be8065c8b1361f8b1f7e3795470b634
-
SHA256
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
SHA512
9c86df899500dc8bfcc606d40e57017c8e987ed597a1a8286a59c1044027a8030a88b8734fe0383d55d310b7d2983343998f00bcd46501641186f1b7ffe4ed9c
-
SSDEEP
24576:I09J5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEoKCDh/fj6LuYp2Fl3RuQ5531q:IeojWYKspaCDh/fj6Ql3Q
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
-
-
Target
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
Size
2.5MB
-
MD5
868b8d102e5b76df02a76a6063fc963e
-
SHA1
02902b2b1be8065c8b1361f8b1f7e3795470b634
-
SHA256
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
SHA512
9c86df899500dc8bfcc606d40e57017c8e987ed597a1a8286a59c1044027a8030a88b8734fe0383d55d310b7d2983343998f00bcd46501641186f1b7ffe4ed9c
-
SSDEEP
24576:I09J5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEoKCDh/fj6LuYp2Fl3RuQ5531q:IeojWYKspaCDh/fj6Ql3Q
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-