General
-
Target
d21558f6acc3a23c174172d9d930b98ff5b5fba1e433bbc00b4a2ec4131269f7
-
Size
662KB
-
Sample
240429-em6apshh7s
-
MD5
f99b2b80dc83b0d952687d771833164c
-
SHA1
e872f0b4be582132c9486b0c5b86f56b12ed677e
-
SHA256
d21558f6acc3a23c174172d9d930b98ff5b5fba1e433bbc00b4a2ec4131269f7
-
SHA512
8d3af87306d1196862d681c0ae20cba17606e3b1c3a7a441b9739cbd71417088622b977dae9e084a3feb589a73681a2763259f20e1901eaae332ce62c3549add
-
SSDEEP
12288:8bbrYKOCV65d6qGwqa2tqftXPoZe7YUWWd/v4ibj2xy/2+VDRceX+:8bfjOF76qGwbnVP7WWxv48j2xy/2+VH+
Malware Config
Extracted
raccoon
fda6c8debb0b6b5a1d9698b54b255a7d
http://91.92.255.182:80/
-
user_agent
MrBidenNeverKnow
Targets
-
-
Target
d21558f6acc3a23c174172d9d930b98ff5b5fba1e433bbc00b4a2ec4131269f7
-
Size
662KB
-
MD5
f99b2b80dc83b0d952687d771833164c
-
SHA1
e872f0b4be582132c9486b0c5b86f56b12ed677e
-
SHA256
d21558f6acc3a23c174172d9d930b98ff5b5fba1e433bbc00b4a2ec4131269f7
-
SHA512
8d3af87306d1196862d681c0ae20cba17606e3b1c3a7a441b9739cbd71417088622b977dae9e084a3feb589a73681a2763259f20e1901eaae332ce62c3549add
-
SSDEEP
12288:8bbrYKOCV65d6qGwqa2tqftXPoZe7YUWWd/v4ibj2xy/2+VDRceX+:8bfjOF76qGwbnVP7WWxv48j2xy/2+VH+
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer V2 payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-