General
- Target: f9d60a6f9602d8bc8826f71c4b2a5a09.exe
- Size: 519KB
- Sample: 210417-rlma5p47f2
- MD5: f9d60a6f9602d8bc8826f71c4b2a5a09
- SHA1: ed780dde21421bc2b195c411015ac4c36ee42dbe
- SHA256: dd3f4329365ca4f289bcaf6acdf96919271500ea44e5513519cc53b079df8762
- SHA512: 564b5c3d16ca082bfb0ae9d50423f0501f072657ed0d518a98fa92cd5ae5156a687cb4c124094a7f11d20c21adefca6a7e55bb97e8096c901d9efeaaf85512f7

Static task: static1
Behavioral task: behavioral1
- Sample: f9d60a6f9602d8bc8826f71c4b2a5a09.exe
- Resource: win7v20210408

Malware Config
Extracted: raccoon
- bb8d3701ca5d8e031967c87b862623b34997b3d1
- url4cnc: https://telete.in/jdiamond13
Targets
- Target: f9d60a6f9602d8bc8826f71c4b2a5a09.exe
- XMRig Miner Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger