A zip attachment contains an img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, Raccoon Stealer hidden in a fake complaint about a purchase
Malware Hunter JAMESWT technical analysis
Raccoon Stealer is hiding in a fake complaint about a purchase. The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.
Raccoon Stealer has changed its distribution method: it now arrives in a fake email complaining about products supposedly purchased from the victim’s shop.
The link in the message text points to a web page from which the xll file is downloaded. This file is the loader, which in turn downloads a zip file with the malware inside.
Raccoon Stealer is an infostealer, used by cybercriminals to steal sensitive data from users’ browsers and cryptocurrency wallets. This includes cookies, as well as saved login and credit card details.
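The delivery chain described above (link, xll loader, then zip) shows up in web proxy logs as an .xll download followed shortly by a .zip download from the same workstation. The following is an added detection example, not part of the original analysis; the log format, host names, URLs and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log: ISO timestamp, client host, requested URL.
SAMPLE_LOG = """\
2022-01-10T09:00:05 ws-014 https://shop-complaint.example/claim
2022-01-10T09:00:09 ws-014 https://shop-complaint.example/files/Complaint.XLL?id=7
2022-01-10T09:00:41 ws-014 http://cdn.example/pkg/update.zip
2022-01-10T09:03:00 ws-022 https://vendor.example/drivers/setup.zip
2022-01-10T11:30:00 ws-031 https://intranet.example/addins/finance.xll
2022-01-10T12:45:00 ws-031 https://vendor.example/docs/manual.zip
"""
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

def extension(url):
    """Lower-cased extension of the URL path, ignoring query string and fragment."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def parse(log_text):
    """Yield (time, host, url) per line, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].strip()
        except ValueError:
            continue  # unparseable timestamp

def find_xll_chains(log_text, window=WINDOW):
    """Return (host, xll_url, zip_url) for each zip fetched by a host
    within `window` after that same host fetched an xll file."""
    last_xll = {}  # host -> (time, url) of its most recent xll download
    hits = []
    for ts, host, url in sorted(parse(log_text)):
        ext = extension(url)
        if ext == "xll":
            last_xll[host] = (ts, url)
        elif ext == "zip" and host in last_xll:
            xll_ts, xll_url = last_xll[host]
            if ts - xll_ts <= window:
                hits.append((host, xll_url, url))
    return hits

if __name__ == "__main__":
    for hit in find_xll_chains(SAMPLE_LOG):
        print("possible xll loader chain:", *hit)
```

In the sample, only ws-014 is flagged: ws-022 fetched a zip with no preceding xll, and ws-031 fetched its zip well outside the window.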