General
-
Target
2f0f374ba2a8adf6d5b1095607fa6cea.exe
-
Size
5.3MB
-
Sample
210829-ctjvlwtwba
-
MD5
2f0f374ba2a8adf6d5b1095607fa6cea
-
SHA1
4efd278872e7ca4c93bb2ff6527fc9c21ecbf724
-
SHA256
514cf7b9751465c6f04d46cea1c49bf846c3322a4144faffef07e314793dc5e3
-
SHA512
99a9e83438d6957e73ceb931e752c9cacf8e5ebd1bcdece8cc1f85b36f9b56e1b8aad5713467924066cfd8facf21da3230e326c420571ada9ccdf59a98256fc4
Static task
static1
Behavioral task
behavioral1
Sample
2f0f374ba2a8adf6d5b1095607fa6cea.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2f0f374ba2a8adf6d5b1095607fa6cea.exe
Resource
win10v20210408
Malware Config
Extracted
raccoon
0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73a
-
url4cnc
https://telete.in/secuhaski4
Targets
-
-
Target
2f0f374ba2a8adf6d5b1095607fa6cea.exe
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-