General
Target: 614ECF4D0A5F0D42655FEDF09B82813D.exe
Size: 462KB
Sample: 210807-5tmngbthks
MD5: 614ecf4d0a5f0d42655fedf09b82813d
SHA1: c5b3e85f19ef84f45001e11af2f3bdc5454b6b16
SHA256: b99ac985c91f5a5e0c2ab8c5b92cb644cea66cb3336c2b6665274e78151cc372
SHA512: 57eda7be4c9e80147e58d4c1712596800d8597810dfd1548faf387bac108a4bd5a19fad1a1a52f15ffb326babb544cd5c37e85f824ad91599261ee451b8593cd

Static task: static1
Behavioral task: behavioral1 (sample 614ECF4D0A5F0D42655FEDF09B82813D.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample 614ECF4D0A5F0D42655FEDF09B82813D.exe, resource win10v20210408)

Malware Config
Extracted: raccoon
2ca2376c561d1af7f8b9e6f3256b06220a3db187
url4cnc: https://telete.in/johnyes13
Targets
Target: 614ECF4D0A5F0D42655FEDF09B82813D.exe
Size: 462KB
MD5 / SHA1 / SHA256 / SHA512: identical to the hashes listed under General above (same file)

Signatures matched:
- Raccoon Stealer Payload
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application (persistence via a Software\Microsoft\Windows\CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (redirecting a suspended thread's execution, commonly seen in process hollowing and other injection)
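The hashes and the url4cnc entry above are the indicators a responder would actually pivot on. The script below is an added example, not part of the sandbox report or of any tool the report comes from: it turns those indicators into an offline matcher and runs it over constructed inputs (an EDR-style hash export and a few proxy log lines in a made-up format). The url4cnc host is the location the sample contacts to learn its C2, not necessarily the C2 itself, and telete.in is a public Telegram web mirror, so a hit on the host alone is a lead to triage rather than a verdict; the exact path (/johnyes13) is the stronger indicator. The host comparison parses the URL and checks the hostname by suffix, so look-alike domains that merely contain the string are not flagged.

```python
"""Added example (not part of the sandbox report): an offline IOC matcher
built from the indicators this report lists, run over constructed inputs."""
import hashlib
import re
from urllib.parse import urlparse

# File hashes of the sample, copied from the report.
IOC_HASHES = {
    "md5": "614ecf4d0a5f0d42655fedf09b82813d",
    "sha1": "c5b3e85f19ef84f45001e11af2f3bdc5454b6b16",
    "sha256": "b99ac985c91f5a5e0c2ab8c5b92cb644cea66cb3336c2b6665274e78151cc372",
    "sha512": ("57eda7be4c9e80147e58d4c1712596800d8597810dfd1548faf387bac108a4bd"
               "5a19fad1a1a52f15ffb326babb544cd5c37e85f824ad91599261ee451b8593cd"),
}
# The url4cnc entry from the extracted Raccoon config; we alert on its host.
URL4CNC = "https://telete.in/johnyes13"
IOC_HOST = urlparse(URL4CNC).hostname  # "telete.in"

_HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
_URL_RE = re.compile(r"https?://\S+")


def classify_hash(value):
    """Return the digest algorithm implied by a hex string's length, or None."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    return _HASH_ALGO_BY_LEN.get(len(v))


def match_hashes(candidates):
    """Return (algorithm, hash) for every candidate equal to a sample hash.
    Comparison is case-insensitive: EDR exports often upper-case digests."""
    hits = []
    for c in candidates:
        algo = classify_hash(c)
        if algo and c.strip().lower() == IOC_HASHES[algo]:
            hits.append((algo, c.strip().lower()))
    return hits


def digest_bytes(data):
    """All four digests of an in-memory file, in the same shape as IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_sample(digests):
    """True if any computed digest equals the corresponding sample hash."""
    return any(digests.get(a) == h for a, h in IOC_HASHES.items())


def match_proxy_log(lines):
    """Return log lines whose requested URL is on the url4cnc host or a subdomain.
    Parsing the hostname and checking by suffix avoids flagging look-alikes such
    as telete.in.evil.example, which a plain substring search would match."""
    hits = []
    for line in lines:
        for url in _URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if host == IOC_HOST or host.endswith("." + IOC_HOST):
                hits.append(line)
                break
    return hits


# Constructed sample inputs (not from the report): an EDR hash export and
# three proxy log lines in a made-up format.
SAMPLE_HASHES = [
    "B99AC985C91F5A5E0C2AB8C5B92CB644CEA66CB3336C2B6665274E78151CC372",  # sample SHA256, upper-cased
    "d41d8cd98f00b204e9800998ecf8427e",  # MD5 of an empty file: benign
    "not-a-hash",
]
SAMPLE_PROXY_LOG = [
    "2021-08-07T12:00:01Z 10.0.0.5 GET https://telete.in/johnyes13 200",
    "2021-08-07T12:00:02Z 10.0.0.5 GET https://example.com/ 200",
    "2021-08-07T12:00:03Z 10.0.0.6 GET https://telete.in.evil.example/ 200",
]

if __name__ == "__main__":
    print("hash hits:", match_hashes(SAMPLE_HASHES))
    print("proxy hits:", match_proxy_log(SAMPLE_PROXY_LOG))
    print("empty file is the sample:", matches_sample(digest_bytes(b"")))
```

To check a quarantined file rather than an in-memory byte string, read it in binary mode and pass the bytes to digest_bytes, then matches_sample; all four digests are compared so a partial export (for example SHA1 only) still matches.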