General
Target: ce2328dfe8cdacd43216f91b61fec631.exe
Size: 422KB
Sample: 210828-bbv17ymkz6
MD5: ce2328dfe8cdacd43216f91b61fec631
SHA1: 80380910dabc95803a470c9f58d1ff3645747997
SHA256: 5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1
SHA512: e4143db4187b69110cf8ca4dba6c17d20b508963b2168bba00ac1f34191904757d218836425c5067891756d6b972bdfb4e514a6678c1141e1291b23409d9ab29
Static task: static1
Behavioral task: behavioral1
Sample: ce2328dfe8cdacd43216f91b61fec631.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: ce2328dfe8cdacd43216f91b61fec631.exe
Resource: win10v20210408
Malware Config
Extracted
raccoon
0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73a
url4cnc: https://telete.in/secuhaski4
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.