General

Target: a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336
Size: 1.3MB
Sample: 211129-cchqjsbabn
MD5: 294834fc53ae2b941d748a1a5dd4b97a
SHA1: 630b4711ad0e7db299eb30662be5f53bf15c98b9
SHA256: a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336
SHA512: 1bf995115236fc572cb3e338c3403a0bc26526002e5394bbf6dd64a3c3b2a0e09e393f5f95d441245005d8a5b0ddce886f49311d94b868326ce0d49e9ba9ca24

Static task: static1
Behavioral task: behavioral1
Sample: a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336.exe
Resource: win10-en-20211014

Malware Config

Extracted
Family: raccoon
Version: 1.8.3-hotfix
fe1f102f3334068962b64125bcb00816dba46087
url4cnc (the URLs the bot fetches to locate its C2; all six point at the same channel name, ocherednyara1, on t.me and on five IP-hosted copies of the same path):
http://91.219.236.27/ocherednyara1
http://5.181.156.92/ocherednyara1
http://91.219.236.207/ocherednyara1
http://185.225.19.18/ocherednyara1
http://91.219.237.227/ocherednyara1
https://t.me/ocherednyara1
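The url4cnc list above is the actionable part of this report for a defender. The following script is an added example, not Triage's code and not the sample's: it takes the six config URLs verbatim, splits them into host, IP and path indicators, defangs them for sharing, and runs them over a constructed proxy log (the log format, timestamp, client IP, method, URL and status, is an assumption). It also matches on the shared path /ocherednyara1 alone, which is how a mirror not present in this particular config still gets flagged.

```python
"""Turn the url4cnc list from the extracted Raccoon config into network
indicators and match them against proxy log lines.

Added example for this report page: it is not Triage's code and not the
sample's. URL4CNC is copied verbatim from the extracted config. The log
lines are constructed for the demonstration and their format (timestamp,
client IP, method, URL, HTTP status) is an assumption, not a real log.
"""
import ipaddress
import re
from urllib.parse import urlsplit

URL4CNC = [
    "http://91.219.236.27/ocherednyara1",
    "http://5.181.156.92/ocherednyara1",
    "http://91.219.236.207/ocherednyara1",
    "http://185.225.19.18/ocherednyara1",
    "http://91.219.237.227/ocherednyara1",
    "https://t.me/ocherednyara1",
]

# Constructed proxy log: two requests from one client to config hosts, one
# benign request, one request for the channel path on a host that is not in
# this config (203.0.113.7 is a documentation address), and one bad line.
SAMPLE_LOG = [
    "2021-11-29T08:12:01Z 10.0.0.15 GET http://91.219.236.27/ocherednyara1 200",
    "2021-11-29T08:12:02Z 10.0.0.15 GET https://t.me/ocherednyara1 200",
    "2021-11-29T08:12:05Z 10.0.0.22 GET https://example.com/index.html 200",
    "2021-11-29T08:12:09Z 10.0.0.31 GET http://203.0.113.7/ocherednyara1 200",
    "this line does not match the expected format",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def extract_indicators(urls):
    """Split config URLs into hosts, IP literals and URL paths (sorted lists)."""
    hosts, ips, paths = set(), set(), set()
    for url in urls:
        parts = urlsplit(url)
        if parts.hostname is None:
            continue
        host = parts.hostname.lower()
        hosts.add(host)
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            pass  # a domain name such as t.me, not an IP literal
        if parts.path:
            paths.add(parts.path)
    return {"hosts": sorted(hosts), "ips": sorted(ips), "paths": sorted(paths)}


def defang(indicator):
    """Make a URL or host safe to paste into a ticket (hxxp, [.])."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def match_log_lines(lines, indicators):
    """Return (line number, client, reason) for each line touching an indicator.

    A line is flagged on its destination host (any IP or domain from url4cnc)
    or, for any host, on the channel path: all six config entries share the
    path /ocherednyara1, so a mirror missing from this config still matches.
    Lines that do not parse are skipped rather than aborting the scan.
    """
    hosts = set(indicators["hosts"])
    paths = set(indicators["paths"])
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line.strip())
        if match is None:
            continue
        parts = urlsplit(match.group("url"))
        host = (parts.hostname or "").lower()
        if host in hosts:
            hits.append((number, match.group("client"), "host:" + host))
        elif parts.path in paths:
            hits.append((number, match.group("client"), "path:" + parts.path))
    return hits


if __name__ == "__main__":
    found = extract_indicators(URL4CNC)
    for url in URL4CNC:
        print("ioc", defang(url))
    for number, client, reason in match_log_lines(SAMPLE_LOG, found):
        print(f"line {number}: {client} -> {reason}")
```

Host matches are the high-confidence hits; a path-only match on an unknown host is worth a look because Raccoon configs rotate mirrors, but it should be treated as a lead rather than a confirmed infection.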
Targets

Target: a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336 (1.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess: a process was created with a parent other than the calling process (parent-PID spoofing), which breaks the parent/child lineage that process-tree based detections rely on.
- Identifies VirtualBox via ACPI registry values (likely anti-VM).
- Checks BIOS information in registry: BIOS strings in the registry are commonly read to detect sandbox and virtual-machine environments before the stealer does anything observable.
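The last two signatures describe registry-based sandbox checks. The following script is an added example, not the sample's code and not Triage's signature logic: it reproduces the two checks so a sandbox operator can see what the sample looks at and verify that a hardened image no longer trips them. The registry paths (HKLM\HARDWARE\DESCRIPTION\System BIOS values, HKLM\HARDWARE\ACPI\*\VBOX__ keys) and the hypervisor marker strings are assumptions based on the locations commonly used for these checks; the report itself only names the behaviour. The detection works on a dict so it runs offline with the constructed snapshots; the live reader needs Windows.

```python
"""Reproduce the two registry checks flagged in the signature list above
(BIOS strings, VirtualBox ACPI tables) so a sandbox operator can see what
the sample looks at and verify a hardened image no longer trips them.

Added example: this is neither the sample's code nor Triage's signature
logic. The registry paths and hypervisor marker strings are assumptions
based on the locations commonly used for these checks; the report only
names the behaviour. detect_vm() works on a dict so it runs offline with
the constructed data below; read_live_registry() needs Windows (winreg).
"""

# Values under HKLM\HARDWARE\DESCRIPTION\System that describe the BIOS.
BIOS_VALUES = [
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosDate"),
]
# ACPI table sub-keys whose name carries the VirtualBox OEM ID (VBOX).
VBOX_ACPI_KEYS = [
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
]
# Substrings that give a hypervisor away in BIOS strings (assumed list).
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "PARALLELS")

# Constructed snapshots: a stock VirtualBox guest and a physical machine.
VBOX_GUEST = (
    {
        (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): ["VBOX   - 1"],
        (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"): ["Oracle VM VirtualBox VBE BIOS"],
    },
    list(VBOX_ACPI_KEYS),
)
BARE_METAL = (
    {
        (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): ["ACME  - 1072009"],
        (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"): ["Intel Video BIOS"],
        (r"HARDWARE\DESCRIPTION\System", "SystemBiosDate"): "05/24/21",
    },
    [r"HARDWARE\ACPI\DSDT\ACME__", r"HARDWARE\ACPI\FADT\ACME__"],
)


def detect_vm(values, keys):
    """Return the reasons a VM/sandbox is suspected; an empty list means none.

    values maps (key path, value name) to the value data; keys lists the key
    paths that exist. Both come from read_live_registry() or constructed data.
    """
    reasons = []
    for key, name in BIOS_VALUES:
        data = values.get((key, name))
        if data is None:
            continue
        if isinstance(data, list):  # REG_MULTI_SZ comes back as a list of strings
            data = " ".join(data)
        upper = data.upper()
        for marker in BIOS_MARKERS:
            if marker in upper:
                reasons.append(f"{key}\\{name} contains {marker}")
                break
    present = {k.upper() for k in keys}
    for key in VBOX_ACPI_KEYS:
        if key.upper() in present:
            reasons.append(f"{key} exists")
    return reasons


def read_live_registry():
    """Collect the same data from the real registry (Windows only)."""
    import winreg  # raises ImportError outside Windows

    values, keys = {}, []
    for key, name in BIOS_VALUES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                values[(key, name)] = winreg.QueryValueEx(handle, name)[0]
        except OSError:
            pass  # value or key absent on this machine
    for key in VBOX_ACPI_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key):
                keys.append(key)
        except OSError:
            pass  # key absent: not a VirtualBox guest, or tables renamed
    return values, keys


if __name__ == "__main__":
    for label, snapshot in (("VirtualBox guest", VBOX_GUEST), ("bare metal", BARE_METAL)):
        print(label, detect_vm(*snapshot) or "no VM indicators")
    try:
        print("this host", detect_vm(*read_live_registry()) or "no VM indicators")
    except ImportError:
        print("this host: winreg unavailable, not Windows")
```

Running read_live_registry() inside the analysis VM after hardening (renamed ACPI OEM IDs, rewritten BIOS strings) should return an empty reason list; if it does not, the sample will very likely take the same evasion branch it took here.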