General
-
Target
ab34c13eca2976803093e415028716db9042827537cf02b3c26643b1a1e39ed8
-
Size
843KB
-
Sample
221117-17l88aga66
-
MD5
88259b6f581671ac2c3243699a77457a
-
SHA1
be0d1380ef2de12a1ea763158e0f3e4e2847e8c2
-
SHA256
ab34c13eca2976803093e415028716db9042827537cf02b3c26643b1a1e39ed8
-
SHA512
efc303093dc17ec8cbbbaec40aaf59f8869298396066acb33a56a22daeae5a0d32142d8bc6a9dca7491ed4c90f4ec0eb8636c1d2017e678dce37210d5cb60622
-
SSDEEP
12288:Wknl8gLO+AG/gAsZmk3AB/qwf83LdH7Ndqd8YKQHmuAnYKqA/OsH:fnl8gy+AG/gm/s7NdqB/H
Malware Config
Extracted
raccoon
d8f44b07b06da3a90ad87ebc9249718c
http://79.137.205.87/
Targets
-
-
Target
ab34c13eca2976803093e415028716db9042827537cf02b3c26643b1a1e39ed8
-
Size
843KB
-
MD5
88259b6f581671ac2c3243699a77457a
-
SHA1
be0d1380ef2de12a1ea763158e0f3e4e2847e8c2
-
SHA256
ab34c13eca2976803093e415028716db9042827537cf02b3c26643b1a1e39ed8
-
SHA512
efc303093dc17ec8cbbbaec40aaf59f8869298396066acb33a56a22daeae5a0d32142d8bc6a9dca7491ed4c90f4ec0eb8636c1d2017e678dce37210d5cb60622
-
SSDEEP
12288:Wknl8gLO+AG/gAsZmk3AB/qwf83LdH7Ndqd8YKQHmuAnYKqA/OsH:fnl8gy+AG/gm/s7NdqB/H
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-