@stman #NSOgroup are #CyberMercenaries and in their actions ain't better than #CyberCriminals like #RacoonStealer or Skiddies reselling hosted versions of #NanoCore on the DarkWebz...

Google search malvertisement for Tor Browser leads to Raccoon Stealer.

First time I've seen the use of a password on the archive. I had lobbed the sample into VT only to get zero hits. Very unusual. Poking at it, I saw that it was password protected and, lo and behold, it was plainly on the site I got it from. Extracted the sample, ZIP'd it back up without a password and fed it to Triage.

tor-vpn[.]com/tor/

2759bf133d68f3fdd6f3c53a4e27634fe9cc90b6df1d852e5854f4bf1a248edc torbrowser-install-win64-12.0.2.rar

https://tria.ge/230206-bng3qafa3v

h/t @cocaman
#malvertising #ioc #ThreatIntel #RacoonStealer

Have a look at the Hatching Triage automated malware analysis report for this raccoon sample, with a score of 10 out of 10.

Feeding frenzy with Google search ads for GIMP. Third site offered up #RacoonStealer.

startcablivi-oman-kuwait[.]com
gimpgood[.]com

glimmb[.]com
https://www.joesandbox.com/analysis/1159916

#malvertising #ioc
