General
-
Target
Raccoon Stealer Builder.exe
-
Size
239KB
-
Sample
230131-bs9crsff7t
-
MD5
0de94fc3e5f5e0e34d26abef5d3d6d2b
-
SHA1
23c26448be63a797e4b0166d6919ae9402aba6cc
-
SHA256
5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699
-
SHA512
bf6b2cfae5819c84e75bfb30193038d21fae0fdef82f91251bef904940bf8a866ad0ddd97980548400b83c08b0d4622b1f7a3f852b087d13a4f925ffe339950b
-
SSDEEP
3072:7+bZPfpKU+oF9a3voehFxtyI75ytEa+LFFCxge1nw1TV/oOWk:abpfpKU+u9obr70+ZmgoOWk
Behavioral task
behavioral1
Sample
Raccoon Stealer Builder.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Raccoon Stealer Builder.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
Raccoon Stealer Builder.exe
-
Size
239KB
-
MD5
0de94fc3e5f5e0e34d26abef5d3d6d2b
-
SHA1
23c26448be63a797e4b0166d6919ae9402aba6cc
-
SHA256
5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699
-
SHA512
bf6b2cfae5819c84e75bfb30193038d21fae0fdef82f91251bef904940bf8a866ad0ddd97980548400b83c08b0d4622b1f7a3f852b087d13a4f925ffe339950b
-
SSDEEP
3072:7+bZPfpKU+oF9a3voehFxtyI75ytEa+LFFCxge1nw1TV/oOWk:abpfpKU+u9obr70+ZmgoOWk
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
StormKitty payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-