General
-
Target
file.exe
-
Size
1.6MB
-
Sample
240915-pb17qateqr
-
MD5
1bff2e1095c5000b950c2f9bcde896e5
-
SHA1
fc61d68aa844f8a3cf8e879ea0005c009560b306
-
SHA256
ca21d368d1f29efc9be3158e0bacbe66640dba8ed3cdf9ba9f6a485a2664cf05
-
SHA512
6339f59483fb86b402392171fc11ddaf27d805bec29cb088bb0efed1a1d29f7548a6151398344969486d02ba6e32155c0b58452570f0c031207e4eeabf01db0b
-
SSDEEP
24576:3CGKLOvnkRd/WMqXqCb4VKMseaIuNCXmcPUHQCSIdf+ZkY0rHOmUK7DVqZ:3IsS/WMqXqWMdad3LhddEaHOfo
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
raccoon
111a83bc76cd8d221f67303e6ef70a11
http://192.153.57.177:80
-
user_agent
MrBidenNeverKnow
Targets
-
-
Target
file.exe
-
Size
1.6MB
-
MD5
1bff2e1095c5000b950c2f9bcde896e5
-
SHA1
fc61d68aa844f8a3cf8e879ea0005c009560b306
-
SHA256
ca21d368d1f29efc9be3158e0bacbe66640dba8ed3cdf9ba9f6a485a2664cf05
-
SHA512
6339f59483fb86b402392171fc11ddaf27d805bec29cb088bb0efed1a1d29f7548a6151398344969486d02ba6e32155c0b58452570f0c031207e4eeabf01db0b
-
SSDEEP
24576:3CGKLOvnkRd/WMqXqCb4VKMseaIuNCXmcPUHQCSIdf+ZkY0rHOmUK7DVqZ:3IsS/WMqXqWMdad3LhddEaHOfo
-
Raccoon Stealer V2 payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-