General
Target: 289B.tmp.bin
Size: 552KB
Sample: 191205-2zpm3225me
MD5: 98af67a9cf6b43a2beaab0faf130d1f0
SHA1: c1fb4d44ab7e97f922339d69a4ca9582b8277127
SHA256: 9b99297dd7c5e0e0a418fe6315d9d850013b62b3358444b8a825adeb80dd683c
SHA512: cf2d20d6c290953e2f1e0b0b912f8c67f02b5d322b4e3fe456f11528e64a7e2ab2c18909d5a81f04db00b57cb5f1f43b157d6e7c14ac12b448c8930af5c16395
Task: task1
Sample: 289B.tmp.bin.exe
Resource: win7v191014
Malware Config
Targets
- Target: 289B.tmp.bin
  Size: 552KB
  MD5: 98af67a9cf6b43a2beaab0faf130d1f0
  SHA1: c1fb4d44ab7e97f922339d69a4ca9582b8277127
  SHA256: 9b99297dd7c5e0e0a418fe6315d9d850013b62b3358444b8a825adeb80dd683c
  SHA512: cf2d20d6c290953e2f1e0b0b912f8c67f02b5d322b4e3fe456f11528e64a7e2ab2c18909d5a81f04db00b57cb5f1f43b157d6e7c14ac12b448c8930af5c16395
- Raccoon: It's the RaccAttack!
- Deletes itself
- Loads dropped DLL
- Checks for installed software on the system
- Reads 7star user data, possible credential harvesting
- Reads Amigo user data, possible credential harvesting
- Reads Bromium user data, possible credential harvesting
- Reads Centbrowser user data, possible credential harvesting
- Reads Chedot user data, possible credential harvesting
- Reads Chrome SxS user data, possible credential harvesting
- Reads Chrome user data, possible credential harvesting
- Reads Chromium user data, possible credential harvesting
- Reads Dragon user data, possible credential harvesting
- Reads Elements browser user data, possible credential harvesting
- Reads Epic privacy browser user data, possible credential harvesting
- Reads Firefox user profile, possible credential harvesting
- Reads Go! user data, possible credential harvesting
- Reads Kometa user data, possible credential harvesting
- Reads Mustang user data, possible credential harvesting
- Reads Nichrome user data, possible credential harvesting
- Reads Orbitum user data, possible credential harvesting
- Reads Pale Moon browser user profile, possible credential harvesting
- Reads Qip surf user data, possible credential harvesting
- Reads Rockmelt user data, possible credential harvesting
- Reads Secure browser user data, possible credential harvesting
- Reads Sputnik user data, possible credential harvesting
- Reads Suhba user data, possible credential harvesting
- Reads Superbird user data, possible credential harvesting
- Reads Tor Browser user profile, possible credential harvesting
- Reads Torch user data, possible credential harvesting
- Reads Uran user data, possible credential harvesting
- Reads Vivaldi user data, possible credential harvesting
- Reads Waterfox user profile, possible credential harvesting
- Reads user profile for Thunderbird email client, possible credential harvesting
- Checks system information in the registry. System information is often read in order to detect sandboxing environments.