General
Target: 731f4b7012c0ad58e9c56c4b1b554c912ec925b7a9bf7d5df3e6bbc99bd0c6dc
Size: 1.8MB
Sample: 211117-rbmqfacha4
MD5: 0f0b18a626f02ffb2f27b7cf015bca33
SHA1: 6cc29c04a546ad9ecb280be0d17adf1f9677ab38
SHA256: 731f4b7012c0ad58e9c56c4b1b554c912ec925b7a9bf7d5df3e6bbc99bd0c6dc
SHA512: 4021f7a55fadc0acbc53b43eb74e57192af438f3feb7bb0c5ed41fb20bd8e5b73b5e14f48cf1036f9adcf12c1258e4fa0e60704dac07ab91be8da10c3f3af266
Static task: static1
Behavioral task: behavioral1
Sample: 731f4b7012c0ad58e9c56c4b1b554c912ec925b7a9bf7d5df3e6bbc99bd0c6dc.exe
Resource: win10-en-20211104
Malware Config
Extracted family: raccoon
Version: 1.8.3-hotfix
fe1f102f3334068962b64125bcb00816dba46087
url4cnc
Targets
Target: 731f4b7012c0ad58e9c56c4b1b554c912ec925b7a9bf7d5df3e6bbc99bd0c6dc
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext