General

  • Target

    Wondershare Filmora 13 (UPDATED).exe

  • Size

    878KB

  • Sample

    240229-al8bfsha76

  • MD5

    1f018b011f82f0d25100408933a4f9c3

  • SHA1

    7d169d69cadf027943155732a9021f4f141bd29b

  • SHA256

    db721f27c76cf93e1a239e3faeba41c75e78a39ede8b3ce2e735c55ea9681c6f

  • SHA512

    43d35db6d03a2da666c561748e016168949f1ae2c3ea97694f88d5416e199f2996f021ebfca66be28d03b84ad9d334597329e9b8a3bac2ebdeb8bfa059675143

  • SSDEEP

    24576:1zb5WDTsLLa9X/eI6+Q9ZHVuB0yWn2s5b8:1hULeI6+Q9+ynz4

Malware Config

Extracted

  • Family: raccoon
  • Botnet: fd5eb68c7ee1f00597cdb8733bd12ef7
  • C2: http://195.2.81.45:80/
  • Attributes
    • user_agent: MrBidenNeverKnow
    • xor.plain

Targets

    • Target

      Wondershare Filmora 13 (UPDATED).exe

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks