General
Target: 5FB915DEE9E5DA7BFA4B4D833BFEFB9E.exe
Size: 1.0MB
Sample: 210620-4z93kv4m7n
MD5: 5fb915dee9e5da7bfa4b4d833bfefb9e
SHA1: abb3d10ef1c3e9bacb09c5e8370c10bd672d6706
SHA256: 9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82
SHA512: 535d1f3b6605562130d8184383a72f6acb3cb6b0cbc6894832bd762033aa51c1f2b0cd2acecc137484faa3c3f0ab9f166d300b6bbabd2222518d2ba921cf0584
Static task: static1
Behavioral task: behavioral1
Sample: 5FB915DEE9E5DA7BFA4B4D833BFEFB9E.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 5FB915DEE9E5DA7BFA4B4D833BFEFB9E.exe
Resource: win10v20210410
Malware Config
Extracted
raccoon
e769a3b57d823e6577700a58ab4a4a547b9f01be
url4cnc: https://telete.in/hdmiprapor
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.