General
-
Target
4f31aa8572c832a51e16d5a68421af81.exe
-
Size
245KB
-
Sample
230713-qv8lksgh62
-
MD5
4f31aa8572c832a51e16d5a68421af81
-
SHA1
2f24aed03e7f3f86c55c3a5dbe8e64a47e879509
-
SHA256
a1d9e605b18aff8e2d362975ba3ed00ae9fcfe273293d12bf4ca9371c82e29a4
-
SHA512
08c78748d8418fa50756de63618b983f6ac5514989649af3f582716296e4bbdefc298fe09dce9fdbfcc92fdc930953e961624a6a2df44329e8eb72e23671afdb
-
SSDEEP
3072:wCygjV34RxprK/vEJTP980vfvbkYoUvNFaMbSMlt:bUxsvgF80vfvbRvNzN
Malware Config
Extracted
raccoon
3c85f6d12f0866626b35b64056ce8880
http://5.78.98.26:8088/
Targets
-
-
Target
4f31aa8572c832a51e16d5a68421af81.exe
-
Size
245KB
-
MD5
4f31aa8572c832a51e16d5a68421af81
-
SHA1
2f24aed03e7f3f86c55c3a5dbe8e64a47e879509
-
SHA256
a1d9e605b18aff8e2d362975ba3ed00ae9fcfe273293d12bf4ca9371c82e29a4
-
SHA512
08c78748d8418fa50756de63618b983f6ac5514989649af3f582716296e4bbdefc298fe09dce9fdbfcc92fdc930953e961624a6a2df44329e8eb72e23671afdb
-
SSDEEP
3072:wCygjV34RxprK/vEJTP980vfvbkYoUvNFaMbSMlt:bUxsvgF80vfvbRvNzN
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-