purelogstealer | f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4
Size

400KB
Sample

240502-g764vabd5s
MD5

273f874fb8cf5f0ea683569cc5aa1105
SHA1

75e0c12ddd0bf9d26e8ce5e014b2ff52476d3884
SHA256

f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4
SHA512

03b1faa4a531837b6201abe4089cbfe89119c71a88cfdfa14e216040bed8cbab8595dc5c8e834fac4fedede8fd55e6982a7a9a29869b0dd30a838491959fef54
SSDEEP

12288:bixfqg8gtc1Ue6JGNHvrWJwdrO//2M9+Y5:bCfqZuQUe6Ji1O/F7

Score

10^/10

purelogstealer raccoon 5bfc2fea32660a3c43ec3fa8f7188f7e persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4.exe

Resource

win7-20231129-en

purelogstealer raccoon 5bfc2fea32660a3c43ec3fa8f7188f7e persistence stealer

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4.exe

Resource

win10-20240404-en

purelogstealer raccoon 5bfc2fea32660a3c43ec3fa8f7188f7e persistence stealer

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

raccoon

Botnet

5bfc2fea32660a3c43ec3fa8f7188f7e

C2

http://91.103.252.109:80

Attributes

user_agent
SunShineMoonLight

xor.plain

Targets

- Target
  
  f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4
- Size
  
  400KB
- MD5
  
  273f874fb8cf5f0ea683569cc5aa1105
- SHA1
  
  75e0c12ddd0bf9d26e8ce5e014b2ff52476d3884
- SHA256
  
  f2d0b699237e80c6347e18250fb751f8876e52821ace6b497e2870d472ed5fa4
- SHA512
  
  03b1faa4a531837b6201abe4089cbfe89119c71a88cfdfa14e216040bed8cbab8595dc5c8e834fac4fedede8fd55e6982a7a9a29869b0dd30a838491959fef54
- SSDEEP
  
  12288:bixfqg8gtc1Ue6JGNHvrWJwdrO//2M9+Y5:bCfqZuQUe6Ji1O/F7
Score

10^/10

purelogstealer raccoon 5bfc2fea32660a3c43ec3fa8f7188f7e persistence stealer
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purelogstealerraccoon5bfc2fea32660a3c43ec3fa8f7188f7epersistencestealer

behavioral2

purelogstealerraccoon5bfc2fea32660a3c43ec3fa8f7188f7epersistencestealer

© 2018-2025

Terms | Privacy