General
-
Target
setupsoftapp19.0.exe
-
Size
15.0MB
-
Sample
230131-pebfgaaa3x
-
MD5
465334c2b23d57f4db274488dd9f279b
-
SHA1
42983b3bf96d8fb4c8e1a2706cf89e55e66a6a16
-
SHA256
ab6514aa27db11b62a1926a12c5e0b464a42689b6e1c45b8760ca55b04f0bf16
-
SHA512
1a47ab31c761470e73f9f60951b8742f81910fb0e38ad71e5e05d81982de1564c8f95c846308c3cf0cb63af7d154725c5af2ecb895f6ddc79978c3d0755c6397
-
SSDEEP
98304:SIAzUE2bRCunvAdP4lLBYHHm/+MJXzdG7cLwE0xYhrRx4S/HzL71hY:SIKU4uodQjAUJxG7c0EIYJ/4S/TL70
Malware Config
Extracted
raccoon
3f4a8564e5026a245d6974b020b3f6de
http://45.15.156.225/
Targets
-
-
Target
setupsoftapp19.0.exe
-
Size
15.0MB
-
MD5
465334c2b23d57f4db274488dd9f279b
-
SHA1
42983b3bf96d8fb4c8e1a2706cf89e55e66a6a16
-
SHA256
ab6514aa27db11b62a1926a12c5e0b464a42689b6e1c45b8760ca55b04f0bf16
-
SHA512
1a47ab31c761470e73f9f60951b8742f81910fb0e38ad71e5e05d81982de1564c8f95c846308c3cf0cb63af7d154725c5af2ecb895f6ddc79978c3d0755c6397
-
SSDEEP
98304:SIAzUE2bRCunvAdP4lLBYHHm/+MJXzdG7cLwE0xYhrRx4S/HzL71hY:SIKU4uodQjAUJxG7c0EIYJ/4S/TL70
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-