General
Target: updatechannel3.exe
Size: 12KB
Sample: 210405-6p4tykfe8n
MD5: 4f50605a46c47d765ff37b8751760505
SHA1: 61644ff438213b0d3bd7d439f538278f09c45ee5
SHA256: 0ecb8ecf9516eba75d193a532fbbd5acd5d5c8794eb69c97110a911323c65584
SHA512: 1a4c5f186213de6a48d1c4d94419efd460babb927482628578c6749cf6b8cb4e06caf854d5a8b14ee9b432585364e5051563b41d1d6810103a6a2a2fe1835e56
Static task: static1
Behavioral task: behavioral1
Sample: updatechannel3.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: updatechannel3.exe
Resource: win10v20201028
Malware Config
Extracted
raccoon
3d7990f080e9dcb56104447e3789dec4380efc8b
-
url4cnc
https://telete.in/jvadikkamushkin
Targets
-
-
Target
updatechannel3.exe
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-