Infostealers have been a focal point of mine lately.
Here is a Raccoon Stealer sample showing the step after it searches for the user data folder and finds local state. There is a function that goes out and looks for the key used to encrypt the SQLite3 database.

I'd really like to understand that function better, but I am having a hard time finding more info. Would anyone know or could anyone provide documentation on how it is searching for the key in the local state file? Thanks!

#security #infostealer #reverseengineering #chrome #SQLite3