General
-
Target
d3a88ab037be1a370dc7e5e637755df0N.exe
-
Size
596KB
-
Sample
240901-vfxmzsweql
-
MD5
d3a88ab037be1a370dc7e5e637755df0
-
SHA1
5ca21e89aa63c56b91afeaf709b71c1e1cf15167
-
SHA256
ae5f4ca290fade383b6236a1c025027c4fc1247242a13e12f12e7f6be67f63a3
-
SHA512
d28bbb14cff785b818448e68e39c66b1c2b262bae5381c8d7246229109a4daa0d836aa53b576de8eb1984c59b68dbffca646ead36e94196f594851ea0b717ea0
-
SSDEEP
12288:5H9Uy2krNPmiofiSMEVuKe2BV5Nu7tzf:5HCy2kRuifEVuKJBNu
Static task
static1
Behavioral task
behavioral1
Sample
d3a88ab037be1a370dc7e5e637755df0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d3a88ab037be1a370dc7e5e637755df0N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
raccoon
51b6734addd400a71cf82ae03c984c90
http://116.203.232.114:80/
-
user_agent
MrBidenNeverKnow
Targets
-
-
Target
d3a88ab037be1a370dc7e5e637755df0N.exe
-
Size
596KB
-
MD5
d3a88ab037be1a370dc7e5e637755df0
-
SHA1
5ca21e89aa63c56b91afeaf709b71c1e1cf15167
-
SHA256
ae5f4ca290fade383b6236a1c025027c4fc1247242a13e12f12e7f6be67f63a3
-
SHA512
d28bbb14cff785b818448e68e39c66b1c2b262bae5381c8d7246229109a4daa0d836aa53b576de8eb1984c59b68dbffca646ead36e94196f594851ea0b717ea0
-
SSDEEP
12288:5H9Uy2krNPmiofiSMEVuKe2BV5Nu7tzf:5HCy2kRuifEVuKJBNu
-
Raccoon Stealer V2 payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-