General
-
Target
0ca3d2200b8f6aa7c27dee4e21501255458bfd168deed3bcb8c8588e577a252e
-
Size
99KB
-
Sample
221113-vzgqwafb9s
-
MD5
9e2604e94d07b689e1d44ef1f7c6d66e
-
SHA1
0da107b3ab1990f34a6c2ea41c2511eb3a1e7084
-
SHA256
0ca3d2200b8f6aa7c27dee4e21501255458bfd168deed3bcb8c8588e577a252e
-
SHA512
621b9f9b4ab24098e29bf600baffce21a5c61efc918ba8a6dad9de8bd11dfef806712efad0cd9c535b17adb0bbee5dc8e3619094d1576cf0ecc6898ab8e42fb5
-
SSDEEP
1536:hWoMfU1jzwxqdGqIOg1QNGia+df3WqRpngsW2pxPeM+Xtveu2mik2qR+a:aU14qdSC3Td3WCng3OP+X12mZ2qv
Malware Config
Extracted
raccoon
dbffbdbc9786a5c270e6dd2d647e18ea
http://79.137.205.87/
Targets
-
-
Target
0ca3d2200b8f6aa7c27dee4e21501255458bfd168deed3bcb8c8588e577a252e
-
Size
99KB
-
MD5
9e2604e94d07b689e1d44ef1f7c6d66e
-
SHA1
0da107b3ab1990f34a6c2ea41c2511eb3a1e7084
-
SHA256
0ca3d2200b8f6aa7c27dee4e21501255458bfd168deed3bcb8c8588e577a252e
-
SHA512
621b9f9b4ab24098e29bf600baffce21a5c61efc918ba8a6dad9de8bd11dfef806712efad0cd9c535b17adb0bbee5dc8e3619094d1576cf0ecc6898ab8e42fb5
-
SSDEEP
1536:hWoMfU1jzwxqdGqIOg1QNGia+df3WqRpngsW2pxPeM+Xtveu2mik2qR+a:aU14qdSC3Td3WCng3OP+X12mZ2qv
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-