General

Target: 01d047ccb87cc6428fdb1b1594640829b05da2ef7461d5b71fd5106acfc309d9
Size: 313KB
Sample: 210810-gds9pytyen
MD5: 65ab14e85f42282c478292290e6d3d00
SHA1: 1210ba2520e6c4ea9bb6a6a33c81f49fb72451a9
SHA256: 01d047ccb87cc6428fdb1b1594640829b05da2ef7461d5b71fd5106acfc309d9
SHA512: f52e05e8db5dd7afe004e8c3959ebed7ac9b7e1c0785d6829f65ddd8afa48e667cb94dfdcda4eb487b415ed34d9645f1b8a1f2fb8408f48a37f4fbd2978b76b5

Static task: static1
Behavioral task: behavioral1
Sample: 01d047ccb87cc6428fdb1b1594640829b05da2ef7461d5b71fd5106acfc309d9.exe
Resource: win10v20210408
Malware Config

Extracted
URL: http://91.241.19.52/Api/GetFile2

Extracted
Family: smokeloader
Version: 2020
C2:
- http://aucmoney.com/upload/
- http://thegymmum.com/upload/
- http://atvcampingtrips.com/upload/
- http://kuapakualaman.com/upload/
- http://renatazarazua.com/upload/
- http://nasufmutlu.com/upload/

Extracted
Family: raccoon
83fbe81dd43f775dd8af3cd619f88f428fbd9a96
url4cnc: https://telete.in/opa4kiprivatem
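The extracted configuration above is the part of this report an analyst actually hunts with: the SmokeLoader C2 list, the unattributed download URL on 91.241.19.52, and the Raccoon url4cnc value (the Telegram channel page from which that family fetches its real C2 address). The following is an added example, not code from the report or from the sandbox: it turns those indicators into host-plus-path matches and runs them over a few constructed proxy log lines. The log format ("ts client method url status"), the sample lines and the "unattributed" label for the first URL are assumptions made here; the indicator URLs themselves are copied from the page. Matching on host and path rather than host alone matters for this sample, because the SmokeLoader hosts are ordinary websites with a planted /upload/ endpoint and telete.in is a public Telegram mirror, so a host-only match would flag unrelated traffic.

```python
"""Match the C2 endpoints extracted from this sample against proxy log lines."""
from urllib.parse import urlsplit

# Indicators copied verbatim from the report's Malware Config section.
# The first URL appears on the page without a family name, so it is kept
# under a neutral label here (an assumption of this example).
INDICATORS = {
    "unattributed": ["http://91.241.19.52/Api/GetFile2"],
    "smokeloader": [
        "http://aucmoney.com/upload/",
        "http://thegymmum.com/upload/",
        "http://atvcampingtrips.com/upload/",
        "http://kuapakualaman.com/upload/",
        "http://renatazarazua.com/upload/",
        "http://nasufmutlu.com/upload/",
    ],
    "raccoon": ["https://telete.in/opa4kiprivatem"],
}

# Constructed proxy log lines (not from the report): "ts client method url status".
SAMPLE_LOG = [
    "1628600000.123 10.0.0.5 POST http://aucmoney.com/upload/ 200",
    "1628600001.456 10.0.0.5 GET https://telete.in/opa4kiprivatem 200",
    "1628600002.789 10.0.0.7 GET http://aucmoney.com/index.html 200",
    "1628600003.012 10.0.0.9 GET http://91.241.19.52/Api/GetFile2?id=7 200",
    "1628600004.345 10.0.0.9 GET https://telete.in/someotherchannel 200",
]


def normalize(url):
    """Split a URL into (host, path), lowercased, with port and query dropped.

    Hostnames are case-insensitive anyway; lowercasing the path trades a
    little precision for resilience against case games on IIS-style hosts.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = (parts.path or "/").lower()
    return host, path


def path_matches(path, prefix):
    """True if path equals the indicator path or lies beneath it.

    A plain startswith() would let /opa4kiprivatem2 match /opa4kiprivatem,
    so the prefix is anchored at a directory boundary.
    """
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def build_indicators(table=None):
    """Flatten the family -> URL table into (host, path, family) tuples."""
    table = INDICATORS if table is None else table
    out = []
    for family, urls in table.items():
        for url in urls:
            host, path = normalize(url)
            out.append((host, path, family))
    return out


def match_url(url, indicators=None):
    """Return the family whose extracted C2 matches this URL, else None."""
    indicators = build_indicators() if indicators is None else indicators
    host, path = normalize(url)
    for ioc_host, ioc_path, family in indicators:
        if host == ioc_host and path_matches(path, ioc_path):
            return family
    return None


def scan_proxy_log(lines):
    """Return a hit dict for every log line whose URL matches an indicator."""
    indicators = build_indicators()
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash the sweep
        ts, client, method, url = fields[:4]
        family = match_url(url, indicators)
        if family is not None:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "family": family})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['family']}: "
              f"{hit['method']} {hit['url']}")
```

On the constructed log, the benign page fetch from aucmoney.com and the unrelated telete.in channel are not flagged; the three C2 contacts are. The SmokeLoader hosts are compromised legitimate sites, so blocking at the host level would also block their legitimate content; the path-qualified match is what you want in a proxy rule as well as in a hunt.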
Targets

Target: 01d047ccb87cc6428fdb1b1594640829b05da2ef7461d5b71fd5106acfc309d9 (313KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Raccoon Stealer Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
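Two of the signatures above, "Adds Run key to start application" and "Drops startup file", are the persistence behaviours a defender can catch from host telemetry. The following is an added example, not code from the report or the sandbox: it classifies Sysmon-style registry value-set (Event ID 13) and file-create (Event ID 11) records, flags writes under a Run/RunOnce key or into a Startup folder, and notes whether the autostart target and the writing process live in a user-writable location, which is what separates a dropper in %TEMP% from a vendor installer. The event dictionaries, field names and paths are constructed for the example and are assumptions, not data from this sample's run.

```python
"""Flag Run-key and Startup-folder persistence in Sysmon-style events."""
import re

# Registry value written under a Run or RunOnce key (any hive, incl. WOW6432Node).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# File created in a per-user or all-users Startup folder.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Locations an unprivileged process can write to; an autostart entry pointing
# here deserves more attention than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\Roaming|AppData\\Local\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE)

# Constructed Sysmon events (not from the report), reduced to the fields used here.
# EventID 13 = RegistryEvent (Value Set), EventID 11 = FileCreate.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\gdsa.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\gdsa",
     "Details": r"C:\Users\victim\AppData\Roaming\gdsa\gdsa.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Local\Temp\gdsa.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\gdsa.lnk"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]


def classify(event):
    """Return a finding dict if the event establishes autostart persistence, else None."""
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            payload = event.get("Details", "")  # the command that will autostart
            return {
                "technique": "run_key",
                "image": image,
                "target": target,
                "payload": payload,
                "image_user_writable": bool(USER_WRITABLE_RE.search(image)),
                "payload_user_writable": bool(USER_WRITABLE_RE.search(payload)),
            }
    elif eid == 11:
        target = event.get("TargetFilename", "")
        if STARTUP_DIR_RE.search(target):
            return {
                "technique": "startup_file",
                "image": image,
                "target": target,
                "payload": target,  # the dropped file itself is what runs at logon
                "image_user_writable": bool(USER_WRITABLE_RE.search(image)),
                "payload_user_writable": bool(USER_WRITABLE_RE.search(target)),
            }
    return None


def scan(events):
    """Run classify() over an event list and return the findings in order."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if f["image_user_writable"] or f["payload_user_writable"] else "review"
        print(f"[{flag}] {f['technique']}: {f['image']} -> {f['payload']}")
```

The vendor installer's Run entry is still surfaced, only with both user-writable flags false, so it can be triaged rather than suppressed. The third signature, "Checks installed software on the system", is a registry read of the Uninstall keys, and Sysmon records only registry writes (key create/delete, value set, rename), so that behaviour will not appear in this telemetry; catching it needs a source that logs registry queries, and even then enumeration of Uninstall keys is common enough in legitimate installers and inventory agents that it is a weak signal on its own.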