General
-
Target
Files_Password_7890.rar
-
Size
17.0MB
-
Sample
230330-q5bplach74
-
MD5
9df3584d599dfb14b4c663f0cca7a7fb
-
SHA1
31d05d21c937dd9b21e630100efba85fc6a54a20
-
SHA256
226ef7aa06959ada405da6cbdf16e03ed0be29b6cebfb4112096bbe10b835b98
-
SHA512
3b9c665034f742926e05c79d28bf71cda4cb1696b9c6000de090db7def78ba77ee7cb12074bea258945f09c63bbb16a80faf06d4c5dbec253974021a331dada6
-
SSDEEP
393216:dC4rlj+K31pSjK7j5zrHpll0QjKAju72kOCggGlj42kqLSQY6:d74K3rSiHr/Z42Rlc2VLSN6
Malware Config
Extracted
raccoon
01ce0bf18c5eb0152a13b2ee5d4d8adc
http://37.220.87.69
http://83.217.11.6
Targets
-
-
Target
crSetup.exe
-
Size
1015.0MB
-
MD5
e369f4f19d3adcab34e0af333f113af9
-
SHA1
5a2575fc14031f0f823ca4c09e6d653ae367e400
-
SHA256
eaf8e329aa7f9a7b624938323b17dd1c13a20f35c491538929d043281e338179
-
SHA512
baea6a13ba1f747ff75fb25fa2181222152e296da43f886be32e311235d2674f5f952ffe39bfcc286a5be40fa267ba24624702f37e446320d33e26eb49f3b4f3
-
SSDEEP
196608:FxZoPbD6en7KWZ0Zq9BF7pIRuHNCwfvadJbZ8TuPx/1/MURFg2frJBJH/48rrBny:nwbOe+cgqLqgHTXavF8g/MM3zJHAQn/K
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-