General
-
Target
2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951
-
Size
315KB
-
Sample
221130-a295zsgc5w
-
MD5
09862c53044eee0ef886086bb2e31590
-
SHA1
8d6191224c737336b111765e6dfdaca0c7bd8151
-
SHA256
56c4c8499d119ca5cfdfd667fc5b800df53e5cce23d58ae9f650b1d74789f13a
-
SHA512
bab11c856c4470e9c9f424e403a94e754eb8e67c780b4b07dfa34029bcb54587098d35c93a61f49dff8a6d3c18cfc1fe3856e6a9957005dba57bb85ff2bc4790
-
SSDEEP
6144:CPZpOOaTvL6p+1+Ud4xajiuzopB9Rdm1pRjWBk0OVpWy8RB:CPnOzTvL6ZW48jiu8pB9RdmpRqBk0Y4B
Malware Config
Extracted
raccoon
5d704573a0f97fb52a93667085c18b77
http://193.106.191.150/
Targets
-
-
Target
2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951
-
Size
912KB
-
MD5
b417d6f0345b7af1f5dfe584978d8546
-
SHA1
00e67099c87df3f1548793400b1193e423b2de18
-
SHA256
2fc0f46e2ceded0b284d4f41759de65e73532900202260b98769ebfaf3244951
-
SHA512
5a27af515f5913e59c754f49fffae145a76cf540ec4c2b460f08e8b5cd44a53f672b6fb42c845423d2c9ef03170e233d3c1a8ce9273f2a426375b526cd6f9b0c
-
SSDEEP
12288:OMBxceTvLcZWyM5h8pB9RdmpdKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKL:OuCeTAAyD9RdN9P9m
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-