General
-
Target
7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
-
Size
1.8MB
-
Sample
211110-qn6teaecan
-
MD5
e3a09969194309cfee0dc7129e80d005
-
SHA1
e90a7adca20f5bdc6650600af144f8a160daa28f
-
SHA256
7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
-
SHA512
a87db6bbe49b727e55fb2c0cd50cfcf1268a968580cfe5a784fd6c5ff3b97190ea597f5a0577c5d7e4331a2065d80ac40aebc9964ab45d50c6e6a4b8343cce4b
Static task
static1
Behavioral task
behavioral1
Sample
7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e.exe
Resource
win10-en-20211014
Malware Config
Extracted
raccoon
1.8.3-hotfix
65d90e36e3587fb188a3d819652094e85ff22e28
-
url4cnc
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-