General
-
Target
9263256773.zip
-
Size
51KB
-
Sample
230222-fybqxaaa38
-
MD5
3578aa20badf9b4ac25aae593a4026c2
-
SHA1
a73f706a04deed98bd8c85e66132207ea3ac21d8
-
SHA256
6277f0729c94f5868b662e9c15878edae4a86d05db00c77848efbc966feafb05
-
SHA512
1c6527d0b71ea1b922e275a318acb37165baf0125e94c543142083111679f0d94e666c0b8e03c222db0c824b3c03e9c9158f39a5755b9aa59d76a1b45b5c9225
-
SSDEEP
1536:PiPzUR7r1gkpppogQJHNUD684zLjKWs6f:PyUlr1gqpzsU0Pg6f
Malware Config
Extracted
raccoon
8fb7b851641d456f39570978e99f780e
http://45.15.156.239/
Targets
-
-
Target
846488fe35ebc7bd6496a942a0917eba0d7ed2346772fc38df42344b515b3a90
-
Size
3.8MB
-
MD5
57a091ad9bb7037b3c3cd987b2cf132e
-
SHA1
f4c833a426d0095d851bc62f7bde4f85c5de021f
-
SHA256
846488fe35ebc7bd6496a942a0917eba0d7ed2346772fc38df42344b515b3a90
-
SHA512
769b9f97bd30c533a92ef1e15ad3a88490f03a82fcb047c62728adc124b5916f023b2d7c4f2b46a2e2f3c6dcb48c71e1892370d8ea247f9e98619788840d6a83
-
SSDEEP
1536:9rae78zjORCDGwfdCSog01313Ns5g531FECUA9lReMbP:TahKyd2n3165m3kfA9veML
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-