General
-
Target
file.exe
-
Size
2.5MB
-
Sample
221017-z5ln8sdcc5
-
MD5
76db228d61022f20ae62d751b4c163ba
-
SHA1
8d72ad5482f7164441ffe8f90ab79557784c878c
-
SHA256
941d659ae7dea2fd5c1aa4b09cb9516a502b5c6c1d503efe6b6328801176cdbf
-
SHA512
daba86863fc8f1ed975f233bc4cd934d609e7ef854eb57165c67e163421cdc50f7b059063bbf5bee0a0528c7b273320932e8ce76bd59d7fd53f0e4dd7528e9e2
-
SSDEEP
24576:vmw4MA8/R3BL7o+w0Y1Yj002XLMw96KZd2B8Z0b5bpD6cvI/H/313LaXC79lyulD:v7AAnL7o+awbfI/H/313moHl3z
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
-
-
Target
file.exe
-
Size
2.5MB
-
MD5
76db228d61022f20ae62d751b4c163ba
-
SHA1
8d72ad5482f7164441ffe8f90ab79557784c878c
-
SHA256
941d659ae7dea2fd5c1aa4b09cb9516a502b5c6c1d503efe6b6328801176cdbf
-
SHA512
daba86863fc8f1ed975f233bc4cd934d609e7ef854eb57165c67e163421cdc50f7b059063bbf5bee0a0528c7b273320932e8ce76bd59d7fd53f0e4dd7528e9e2
-
SSDEEP
24576:vmw4MA8/R3BL7o+w0Y1Yj002XLMw96KZd2B8Z0b5bpD6cvI/H/313LaXC79lyulD:v7AAnL7o+awbfI/H/313moHl3z
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-