General

Target: SecuriteInfo.com.W32.AIDetect.malware1.509.3654
Size: 529KB
Sample: 210415-5nzkgbfbr2
MD5: 8aece0be80642056ffbe8536d6a0afe9
SHA1: 3cae63a3da5393bcf21f46b89a53fd87ff4a3eb6
SHA256: 1cf375fc2caa68f520a626542f6b285bcd8ad66f93cac008bd9d2226e5641fcf
SHA512: bd418846fc2f277162cd1cfb59d26cb16632b0e4e639a36fdbad51fbe087ac0c530737adb1542e0c017186d3afc2e06999258f6d0ed793de9064b8bb66c8dd86
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetect.malware1.509.3654.exe
Resource: win7v20210410
Malware Config

Extracted: raccoon (72e93d05320823f6fd0af18c9cd86188d0bd144a)
url4cnc: https://telete.in/jdiamond13

The url4cnc value is not the C2 itself: Raccoon of this generation fetches this page (telete.in is a Telegram web mirror, jdiamond13 the channel) and reads the real C2 gate address out of the channel description, so blocking or sinkholing the Telegram mirror cuts the stealer off before the first check-in, while the actual C2 host can change without touching the sample.
Targets

Target: SecuriteInfo.com.W32.AIDetect.malware1.509.3654
Size: 529KB
MD5, SHA1, SHA256, SHA512: as listed under General above

Signatures matched:

- XMRig Miner Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP; the request itself is benign, which is why this is a weak indicator on its own and only meaningful together with the other behaviours.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with ThreadInformationClass ThreadHideFromDebugger (0x11), which stops the thread from delivering debug events; an anti-analysis check rather than part of the stealer's core functionality.
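As an added example (not the sandbox's signature engine, and not anything shipped with this report), the following Python replays a constructed API/registry/file/network event trace and flags four of the behaviours listed above: Uninstall-key enumeration, external IP lookup, self-deletion, and NtSetInformationThread(ThreadHideFromDebugger). The event format, field names and the list of IP-lookup hosts are assumptions; the sample trace is constructed for the demonstration.

```python
"""Hypothetical behaviour-signature matcher over a sandbox event trace.

Added example; not the report's own tooling. Event schema and field names are
assumptions made here, not a real sandbox's export format.
"""
import re

# Assumption: a small set of well-known public IP-echo services.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com", "ip-api.com",
}
# Matches ...\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in both the
# native and the WOW6432Node (32-bit) registry views.
UNINSTALL_KEY = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)",
    re.IGNORECASE,
)
# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_SOFTWARE = "Checks installed software on the system"
SIG_EXT_IP = "Looks up external IP address via web service"
SIG_SELF_DELETE = "Deletes itself"
SIG_HIDE_DBG = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def match_signatures(events):
    """Return {signature_name: [indices of matching events]} for a trace."""
    hits = {SIG_SOFTWARE: [], SIG_EXT_IP: [], SIG_SELF_DELETE: [], SIG_HIDE_DBG: []}
    image_of_pid = {}   # pid -> lower-cased image path, from process-start events
    ppid_of = {}        # pid -> parent pid, so "cmd /c del <sample>" counts as self-delete
    for i, ev in enumerate(events):
        kind, op = ev.get("type"), ev.get("op")
        if kind == "process" and op == "start":
            image_of_pid[ev["pid"]] = ev["image"].lower()
            ppid_of[ev["pid"]] = ev.get("ppid")
        elif kind == "registry" and op in ("RegOpenKey", "RegEnumKey", "RegQueryValue"):
            if UNINSTALL_KEY.search(ev.get("path", "")):
                hits[SIG_SOFTWARE].append(i)
        elif kind == "network" and op == "connect":
            if ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
                hits[SIG_EXT_IP].append(i)
        elif kind == "file" and op == "delete":
            target = ev.get("path", "").lower()
            deleter = ev.get("pid")
            own_image = image_of_pid.get(deleter)
            parent_image = image_of_pid.get(ppid_of.get(deleter))
            # Self-deletion: the deleted file is the deleting process's own image,
            # or its parent's image (the dropper spawning cmd.exe to remove itself).
            if target and target in (own_image, parent_image):
                hits[SIG_SELF_DELETE].append(i)
        elif kind == "api" and op == "NtSetInformationThread":
            if ev.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits[SIG_HIDE_DBG].append(i)
    return hits


# Constructed trace for the demonstration; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process", "op": "start", "pid": 100, "ppid": 1,
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"type": "registry", "op": "RegOpenKey", "pid": 100,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "registry", "op": "RegEnumKey", "pid": 100,
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "registry", "op": "RegOpenKey", "pid": 100,
     "path": r"HKCU\Software\Classes\Local Settings"},            # benign, must not match
    {"type": "network", "op": "connect", "pid": 100, "host": "api.ipify.org", "port": 443},
    {"type": "network", "op": "connect", "pid": 100, "host": "example.com", "port": 443},
    {"type": "api", "op": "NtSetInformationThread", "pid": 100,
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "process", "op": "start", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file", "op": "delete", "pid": 200,
     "path": r"C:\Users\user\AppData\Local\Temp\sample.exe"},    # cmd.exe deleting its parent
]

if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The self-delete rule deliberately looks one level up the process tree, because the common pattern is the sample spawning cmd.exe to delete its own file once it has exited; a rule that only checks the deleting process's own image misses that case entirely.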