General
-
Target
155da40d99790b973c85db891b0860e89979ae241637db97148f90c2b33d8cc7
-
Size
2.5MB
-
Sample
221017-y6z3ksdae3
-
MD5
48f3182df20d1cd5f186013b5d52e9a3
-
SHA1
e96b11e2bd1603cd99f6f96c671cb0c95d73e62c
-
SHA256
155da40d99790b973c85db891b0860e89979ae241637db97148f90c2b33d8cc7
-
SHA512
f33ba66af46bd728136cb679e653c53a00ff63087f608acb287204c773b5f7812ae1dd7f8a300df13b154f82b6a6f376f7d9b62a49d4fc2691229115cf8e6a3c
-
SSDEEP
24576:oKw4MA8/R3BL7o+w0Y1Yj002XLMw96KZd2B8Z0b5bpD69vI/H/313LGXC79lyIlz:ofAAnL7o+awbAI/H/313aoNl3D
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
-
-
Target
155da40d99790b973c85db891b0860e89979ae241637db97148f90c2b33d8cc7
-
Size
2.5MB
-
MD5
48f3182df20d1cd5f186013b5d52e9a3
-
SHA1
e96b11e2bd1603cd99f6f96c671cb0c95d73e62c
-
SHA256
155da40d99790b973c85db891b0860e89979ae241637db97148f90c2b33d8cc7
-
SHA512
f33ba66af46bd728136cb679e653c53a00ff63087f608acb287204c773b5f7812ae1dd7f8a300df13b154f82b6a6f376f7d9b62a49d4fc2691229115cf8e6a3c
-
SSDEEP
24576:oKw4MA8/R3BL7o+w0Y1Yj002XLMw96KZd2B8Z0b5bpD69vI/H/313LGXC79lyIlz:ofAAnL7o+awbAI/H/313aoNl3D
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-