General
-
Target
pago-caja.exe
-
Size
1.4MB
-
Sample
211109-p3gx6acchk
-
MD5
d17695e9c272d865d398592ac4b74623
-
SHA1
f41966de07ef6bf7dc4d96692b0be5a205e12cbc
-
SHA256
2820898b2f7b07067f4873135fa66bff7315b29825ed11802eef98ddb934d171
-
SHA512
d9f91726a10445c190de19a50d63b61fb5cbd23aa66bac2ac828e22ee342b27e7506ddd13a02dead48a7ae4d0043bb26e0e7e70152984ce1bad1847b7e2676e3
Static task
static1
Behavioral task
behavioral1
Sample
pago-caja.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
pago-caja.exe
Resource
win10-en-20211104
Malware Config
Extracted
raccoon
1.8.3-hotfix
b9c565b379143847a46237403a5da448d32935f8
-
url4cnc
Targets
-
-
Target
pago-caja.exe
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-