General
-
Target
90092dd11cdc687a901279f37c704e10c55c8a9ea762beca4b74fb4da8e0f3f4
-
Size
64KB
-
Sample
221116-fflhdshb87
-
MD5
d65cef18dc7e808145161fc1fb6ed898
-
SHA1
88c7515fb8b733d59af3a85ace4b85597cf2d69f
-
SHA256
90092dd11cdc687a901279f37c704e10c55c8a9ea762beca4b74fb4da8e0f3f4
-
SHA512
a5136e21d49e7f87f28ee1af591a1a0738c6a529f533ed35c4d1cbd96ed55d815a4c151dfbfbf3235ec152f5dd3f558246929cdf4049b6d4a148ba7ae1fe887f
-
SSDEEP
1536:BvdDWMN95Vp01Eca2z/LvhbUDZUN1T04K3rJJOFOEL:pdDWMN9q1EcfBUDZi03KL
Malware Config
Extracted
raccoon
dc575a13050638a6
Extracted
raccoon
d8f44b07b06da3a90ad87ebc9249718c
http://79.137.205.87/
Targets
-
-
Target
90092dd11cdc687a901279f37c704e10c55c8a9ea762beca4b74fb4da8e0f3f4
-
Size
64KB
-
MD5
d65cef18dc7e808145161fc1fb6ed898
-
SHA1
88c7515fb8b733d59af3a85ace4b85597cf2d69f
-
SHA256
90092dd11cdc687a901279f37c704e10c55c8a9ea762beca4b74fb4da8e0f3f4
-
SHA512
a5136e21d49e7f87f28ee1af591a1a0738c6a529f533ed35c4d1cbd96ed55d815a4c151dfbfbf3235ec152f5dd3f558246929cdf4049b6d4a148ba7ae1fe887f
-
SSDEEP
1536:BvdDWMN95Vp01Eca2z/LvhbUDZUN1T04K3rJJOFOEL:pdDWMN9q1EcfBUDZi03KL
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-