Extracted

• • Target

    de35dae3ef97e43e60f63cf0ded58d480c0e7effe6a93c936be8f94db8e8bee3

  • Size

    718KB

  • MD5

    1bf24ce8b5e34930932432d626fac06d

  • SHA1

    32276318f55c1118980f98377968de0f78c9227e

  • SHA256

    de35dae3ef97e43e60f63cf0ded58d480c0e7effe6a93c936be8f94db8e8bee3

  • SHA512

    d3885e43fe5189eb37cdf4518f05c9096685974db4eefd96260e2db8b17cda13b67861cef2247aeb12baed7ca59c892c82f855c5179e54213f861d2c352ce4fa

  • SSDEEP

    12288:tfLmWONlyXjI/kkJzHSomfaeITAl5aqzTuCTTcARinC/4Tf0Yk4FfRUEy2Hzo5:tfLmNlz/XUyZTAl8jOiiifDzo5

  Score

  10^/10

  discoveryspywarestealerraccoonfda6c8debb0b6b5a1d9698b54b255a7d

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Raccoon Stealer V2 payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    $INTERNET_CACHE/Counting

  • Size

    281KB

  • MD5

    a262219e61af791c944a87d07bac0075

  • SHA1

    d74aeaa010271d13e1edc54bc73601e57f020c49

  • SHA256

    0177bcf1e6862c139fae08a9c6027f68989b4f68a239b64fab7449d1c421ddc0

  • SHA512

    116ce3a1349a17f8b14a5c2a35af9008d8ffbdeae5e3b2a22f9cedbb18f2af564cc8b7762b30c643265eb16907df02a5c75fb3d141db0646f46bf777b855febb

  • SSDEEP

    6144:A6IANxWUO1LsAotpxlZsgGrinm/O/wmJp9b:l/xWUftpxlZsgGZmJp9b

  Score

  3^/10
  behavioral3behavioral4