General
- Target: payload.bin
- Size: 413KB
- Sample: 191202-tlqmh39dms
- MD5: 78d9ee4ebd4513402dffaf2efccbad0e
- SHA1: 713576099fea6dd4c37e84e2c507bc1e7f027948
- SHA256: 9d86acff939f2bab3d4a8a8eed8581475189a3e76ba03bbe30e7b36c4b0ffd38
- SHA512: f611fea65cacd42c488aa4ae365e38a96f154e79b1e283efef0b8a6aa0c6b8a0d3e7317d57209317b5d0b9a7822ece8809ac7c0a15df1b7328c447314971034d
Task
- Task: task1
- Sample: payload.bin.exe
- Resource: win7v191014

Malware Config
Targets
- Target: payload.bin
- Raccoon: It's the RaccAttack!
- Deletes itself
- Loads dropped DLL
- Checks for installed software on the system
- Reads 7star user data, possible credential harvesting
- Reads Amigo user data, possible credential harvesting
- Reads Bromium user data, possible credential harvesting
- Reads Centbrowser user data, possible credential harvesting
- Reads Chedot user data, possible credential harvesting
- Reads Chrome SxS user data, possible credential harvesting
- Reads Chrome user data, possible credential harvesting
- Reads Chromium user data, possible credential harvesting
- Reads Dragon user data, possible credential harvesting
- Reads Elements browser user data, possible credential harvesting
- Reads Epic privacy browser user data, possible credential harvesting
- Reads Firefox user profile, possible credential harvesting
- Reads Go! user data, possible credential harvesting
- Reads Kometa user data, possible credential harvesting
- Reads Mustang user data, possible credential harvesting
- Reads Nichrome user data, possible credential harvesting
- Reads Orbitum user data, possible credential harvesting
- Reads Pale Moon browser user profile, possible credential harvesting
- Reads Qip surf user data, possible credential harvesting
- Reads Rockmelt user data, possible credential harvesting
- Reads Secure browser user data, possible credential harvesting
- Reads Sputnik user data, possible credential harvesting
- Reads Suhba user data, possible credential harvesting
- Reads Superbird user data, possible credential harvesting
- Reads Tor Browser user profile, possible credential harvesting
- Reads Torch user data, possible credential harvesting
- Reads Uran user data, possible credential harvesting
- Reads Vivaldi user data, possible credential harvesting
- Reads Waterfox user profile, possible credential harvesting
- Reads user profile for Thunderbird email client, possible credential harvesting
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.