General
Target: viruss.xlsb
Size: 37KB
Sample: 210506-asjcd8a4zn
MD5: 719009a094c6f3155e7abc537078b943
SHA1: c4b3109cf39b301b30e732db7493f3241236ed1f
SHA256: a2420c7f0c7bf5d3c0893aff6b7440a09c0531632434d2bbb6f8ed98b04317b9
SHA512: 6a7ae98bfd2ba970d544566bafdf05ba6eb1ee7b9a19e2f7720f69952e8360bcaa6f532fc7f46b638b5174682b55953f48868245af6c57ab787f31d02d45d0a2
Static task: static1
Behavioral task: behavioral1
Sample: viruss.xlsb
Resource: win7v20210410
Behavioral task: behavioral2
Sample: viruss.xlsb
Resource: win10v20210408
Malware Config
Extracted
raccoon
c021300d0074689fde86c87568e215c582272721
url4cnc: https://tttttt.me/ch0koalpengold
Targets
Target: viruss.xlsb
Suspicious use of NtCreateProcessExOtherParentProcess
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.