General
-
Target
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129cc.exe
-
Size
9KB
-
Sample
210322-nrbb76pjcx
-
MD5
e038387f7b4b7880c48d225db4b769d2
-
SHA1
fb206ae705fe0dab76c3e9d7e4ce3f441caef5fd
-
SHA256
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129ccc2d83525c4a8d24a531
-
SHA512
d6395f5021c3a065867cfa755d16f6bdb387aeaa7d4109924e9fedecde3224c67d16e275f9f53603de2645af78f40a9f05934e7f46597259bb83579306b965cb
Static task
static1
Behavioral task
behavioral1
Sample
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129cc.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129cc.exe
Resource
win10v20201028
Malware Config
Extracted
raccoon
c46f13f8aadc028907d65c627fd9163161661f6c
-
url4cnc
https://telete.in/capibar
Extracted
raccoon
2ce901d964b370c5ccda7e4d68354ba040db8218
-
url4cnc
https://telete.in/tomarsjsmith3
Targets
-
-
Target
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129cc.exe
-
Size
9KB
-
MD5
e038387f7b4b7880c48d225db4b769d2
-
SHA1
fb206ae705fe0dab76c3e9d7e4ce3f441caef5fd
-
SHA256
dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129ccc2d83525c4a8d24a531
-
SHA512
d6395f5021c3a065867cfa755d16f6bdb387aeaa7d4109924e9fedecde3224c67d16e275f9f53603de2645af78f40a9f05934e7f46597259bb83579306b965cb
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Hidden Files and Directories
2Registry Run Keys / Startup Folder
2Scheduled Task
1Defense Evasion
Hidden Files and Directories
2Modify Registry
4File Permissions Modification
1Install Root Certificate
1