Extracted

• • Target

    nеwрhоtоshор.exe

  • Size

    727.0MB

  • MD5

    f60b37f7828656a7a146ab4af83b9859

  • SHA1

    17e27e3e18fa195829a67d3fbc46c8ea9aebc817

  • SHA256

    14cf407d1989d77a558c7fc4fb62c981ee4c13a73f6c5e20c6194f3e6d1053dd

  • SHA512

    06ddfe93f23ccb6e3acbe99cc743ba660245a7fb87887c78a1eb4f124964e8db70be3d8d8ee9dd8e2c57dcef52846c06dc62bb5641369440b8576c6960722ada

  • SSDEEP

    196608:DkBkoGNu/6bIN6aEIqGCG2EuhdheNKAcqvWt:oGoOuESxEFzhdOKFqvWt

  Score

  10^/10

  raccoon8fb7b851641d456f39570978e99f780ediscoveryspywarestealer

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2