General
-
Target
a68bedcf4c614a60dab1934438bc0fd3.exe
-
Size
528KB
-
Sample
210417-2eaq4x9zv6
-
MD5
a68bedcf4c614a60dab1934438bc0fd3
-
SHA1
77926b7f5c22ab5c505b7cd2c342fba2fbc5e65b
-
SHA256
3f11a6c481b433ce5fa625ae1c43558335c9d281d203f3d5a0653bd2d6053940
-
SHA512
fb6c3c0e06b7c6243e4cd02220c45f5b63ba72a0fe5adb990794df52497f00cb4b31ed813b45eee4dc5c064d9cdf65cfdd01baabf0dfb615dc40a3413c52c4f4
Static task
static1
Behavioral task
behavioral1
Sample
a68bedcf4c614a60dab1934438bc0fd3.exe
Resource
win7v20210408
Malware Config
Extracted
raccoon
bb8d3701ca5d8e031967c87b862623b34997b3d1
-
url4cnc
https://telete.in/jdiamond13
Targets
-
-
Target
a68bedcf4c614a60dab1934438bc0fd3.exe
-
Size
528KB
-
MD5
a68bedcf4c614a60dab1934438bc0fd3
-
SHA1
77926b7f5c22ab5c505b7cd2c342fba2fbc5e65b
-
SHA256
3f11a6c481b433ce5fa625ae1c43558335c9d281d203f3d5a0653bd2d6053940
-
SHA512
fb6c3c0e06b7c6243e4cd02220c45f5b63ba72a0fe5adb990794df52497f00cb4b31ed813b45eee4dc5c064d9cdf65cfdd01baabf0dfb615dc40a3413c52c4f4
-
XMRig Miner Payload
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-