General
-
Target
??? ?? 9?.exe
-
Size
541KB
-
Sample
210928-hhg9vsahd4
-
MD5
5c06eccf9ec74274380b45219b0d813e
-
SHA1
46a78db9a6faa353855cd1d409fd2c83626a844c
-
SHA256
b66ffdb7174f4c240e016033010d29a21ef2e083a62afe6275bf6bf9027b28c7
-
SHA512
e9f7bf7b724502660c185eaa76e83df6f516c2137a30203cca66432f1cbe5ed7b69c32567a3564ff27137cc1f501920454dc5aab5db0e5d1994e3ccecfbdf897
Malware Config
Extracted
raccoon
1ea547c0a567138950af900718b7747d9f51d0cb
-
url4cnc
https://t.me/niclokirsin
Targets
-
-
Target
??? ?? 9?.exe
-
Size
541KB
-
MD5
5c06eccf9ec74274380b45219b0d813e
-
SHA1
46a78db9a6faa353855cd1d409fd2c83626a844c
-
SHA256
b66ffdb7174f4c240e016033010d29a21ef2e083a62afe6275bf6bf9027b28c7
-
SHA512
e9f7bf7b724502660c185eaa76e83df6f516c2137a30203cca66432f1cbe5ed7b69c32567a3564ff27137cc1f501920454dc5aab5db0e5d1994e3ccecfbdf897
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-