General
-
Target
e97908ddfbb553735e47a47bb05e870ce346c5f09aeee05db5bbccd9a96958fd
-
Size
502KB
-
Sample
221116-vzj61acb76
-
MD5
7603d680b2c7b88bd9339615f370c4d4
-
SHA1
4d28e7e6780af016b0eb58cfce8b97a8fa1060aa
-
SHA256
e97908ddfbb553735e47a47bb05e870ce346c5f09aeee05db5bbccd9a96958fd
-
SHA512
f886f509cef0d1344ce0dee3fb7dd7b995cb7552398f566682ac547c5891356c60f3dca5dde7f036e12f83c92b1136748c90d1d6235d4c8b46d204e26b935d41
-
SSDEEP
6144:khmaWwRQQoMccv4gMu7w1arWFiUwqdeE5NF57qf6k5N0ujpa+ayH:k/3QMc7gMu7w1ayFiUb4ezO0ujpa+T
Malware Config
Extracted
raccoon
d8f44b07b06da3a90ad87ebc9249718c
http://79.137.205.87/
Targets
-
-
Target
e97908ddfbb553735e47a47bb05e870ce346c5f09aeee05db5bbccd9a96958fd
-
Size
502KB
-
MD5
7603d680b2c7b88bd9339615f370c4d4
-
SHA1
4d28e7e6780af016b0eb58cfce8b97a8fa1060aa
-
SHA256
e97908ddfbb553735e47a47bb05e870ce346c5f09aeee05db5bbccd9a96958fd
-
SHA512
f886f509cef0d1344ce0dee3fb7dd7b995cb7552398f566682ac547c5891356c60f3dca5dde7f036e12f83c92b1136748c90d1d6235d4c8b46d204e26b935d41
-
SSDEEP
6144:khmaWwRQQoMccv4gMu7w1arWFiUwqdeE5NF57qf6k5N0ujpa+ayH:k/3QMc7gMu7w1ayFiUb4ezO0ujpa+T
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-