General

  • Target

    setup.exe

  • Size

    728.2MB

  • Sample

    230201-xjdemabc99

  • MD5

    638f6d4d8de4a680a2f3e1c7c760d7e2

  • SHA1

    926091f5e95263b9eed4c059fc2841e22339bb53

  • SHA256

    4b9dbcd9bebacee97e2d97d4d3b648bdada5ffd391ae1c31b36bff5066884e45

  • SHA512

    f83045c22af503eb23ef66208ad6474ec41293bf1c3764d66f9ff039579f02a46d5887a21f3751a31df65d13d6c730cea69f3ddccf0f4cef03495605e7c6084f

  • SSDEEP

    196608:xW4Es4CSLvvC/KHJ3tffLVAnz6hMDLT6KWNiUEq:zJSLvvW4BhjSnei1AiUT

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    f26f614d4c0bc2bcd6601785661fb5cf

  • C2

    http://77.73.134.82

    http://83.217.11.23

  • rc4.plain

Targets

    • Target

      setup.exe

    • Size

      728.2MB

    • MD5

      638f6d4d8de4a680a2f3e1c7c760d7e2

    • SHA1

      926091f5e95263b9eed4c059fc2841e22339bb53

    • SHA256

      4b9dbcd9bebacee97e2d97d4d3b648bdada5ffd391ae1c31b36bff5066884e45

    • SHA512

      f83045c22af503eb23ef66208ad6474ec41293bf1c3764d66f9ff039579f02a46d5887a21f3751a31df65d13d6c730cea69f3ddccf0f4cef03495605e7c6084f

    • SSDEEP

      196608:xW4Es4CSLvvC/KHJ3tffLVAnz6hMDLT6KWNiUEq:zJSLvvW4BhjSnei1AiUT

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks