General
-
Target
d86982013fbd0fbad975c8149417d94179f9253bb37a6dd6be8d332d26ffe248
-
Size
12.5MB
-
Sample
240911-rhaz8avemf
-
MD5
bb619be51f4802c7a898ae74c5d1eabe
-
SHA1
786d74917eda2e000a65806eda9734d33d20399c
-
SHA256
d86982013fbd0fbad975c8149417d94179f9253bb37a6dd6be8d332d26ffe248
-
SHA512
88ccbc59ba122ffe3a8ee65bf93ec7b40210bb69f35d4aae8edb907a76a824abd7b71f5ac35972ce59c7f89c96cfe7ac92aca903b4d78ff0b15d5617a2a5c905
-
SSDEEP
393216:yGEDG5J4uYTKWl+IEDHCYMF7FjrBcmAT4ejQe:y1a7gTKw+/DHtGimzze
Malware Config
Extracted
raccoon
517bb0d640c1242c3f069aab3d1018d6
http://51.195.166.178/
http://5.252.177.22
-
user_agent
x
Targets
-
-
Target
d86982013fbd0fbad975c8149417d94179f9253bb37a6dd6be8d332d26ffe248
-
Size
12.5MB
-
MD5
bb619be51f4802c7a898ae74c5d1eabe
-
SHA1
786d74917eda2e000a65806eda9734d33d20399c
-
SHA256
d86982013fbd0fbad975c8149417d94179f9253bb37a6dd6be8d332d26ffe248
-
SHA512
88ccbc59ba122ffe3a8ee65bf93ec7b40210bb69f35d4aae8edb907a76a824abd7b71f5ac35972ce59c7f89c96cfe7ac92aca903b4d78ff0b15d5617a2a5c905
-
SSDEEP
393216:yGEDG5J4uYTKWl+IEDHCYMF7FjrBcmAT4ejQe:y1a7gTKw+/DHtGimzze
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer V2 payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-