General
-
Target
1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb
-
Size
3.0MB
-
Sample
211206-wv8t8shga5
-
MD5
ca276fd46d543ceaf2af9b94f22aa7c7
-
SHA1
30ce7c040a08f63d8c34e0f574c7605ac767ec4e
-
SHA256
1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb
-
SHA512
2c06f8adbe1fed4bc1e9d3f285881da927b6cd90abb1198a63d5bf6c03f749d4877d5e66202497871e13f415d006b5a48708b9b11a6b2d646344b2b7dc7db796
Static task
static1
Behavioral task
behavioral1
Sample
1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb.exe
Resource
win10-en-20211104
Malware Config
Extracted
raccoon
1.8.3-hotfix
207ed4c493cfb59cd2f2f0a338be988518497063
-
url4cnc
http://91.219.236.27/marker2o1
http://94.158.245.167/marker2o1
http://185.163.204.216/marker2o1
http://185.225.19.238/marker2o1
http://185.163.204.218/marker2o1
https://t.me/marker2o1
Targets
-
-
Target
1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb
-
Size
3.0MB
-
MD5
ca276fd46d543ceaf2af9b94f22aa7c7
-
SHA1
30ce7c040a08f63d8c34e0f574c7605ac767ec4e
-
SHA256
1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb
-
SHA512
2c06f8adbe1fed4bc1e9d3f285881da927b6cd90abb1198a63d5bf6c03f749d4877d5e66202497871e13f415d006b5a48708b9b11a6b2d646344b2b7dc7db796
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-