General
- Target: 52c2647b81e20a75e6c6fb99c81ca6f8.exe
- Size: 529KB
- Sample: 210415-edhv7lt6xa
- MD5: 52c2647b81e20a75e6c6fb99c81ca6f8
- SHA1: 38b6cb2df02bc5f30ffba196e8193c9e64d51b34
- SHA256: 7beacccd4af720832723442f9afae77c52095ff5990de1352bb3a8ae1059304e
- SHA512: 07446cf0fe3d8c6aa6752aabca6f151c636a66fe5ff324dc9b7dfffcfc42b721d74e6d65db291b8bc20cf8b71687082dcd822a3799c48885c28259bfeebbaccc

Static task: static1
Behavioral task: behavioral1
Sample: 52c2647b81e20a75e6c6fb99c81ca6f8.exe
Resource: win7v20210410

Malware Config
Extracted
raccoon
72e93d05320823f6fd0af18c9cd86188d0bd144a
- url4cnc: https://telete.in/jdiamond13
Targets
- Target: 52c2647b81e20a75e6c6fb99c81ca6f8.exe
- Size: 529KB
- MD5: 52c2647b81e20a75e6c6fb99c81ca6f8
- SHA1: 38b6cb2df02bc5f30ffba196e8193c9e64d51b34
- SHA256: 7beacccd4af720832723442f9afae77c52095ff5990de1352bb3a8ae1059304e
- SHA512: 07446cf0fe3d8c6aa6752aabca6f151c636a66fe5ff324dc9b7dfffcfc42b721d74e6d65db291b8bc20cf8b71687082dcd822a3799c48885c28259bfeebbaccc

- XMRig Miner Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger