General
-
Target
36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
-
Size
7.0MB
-
Sample
220115-3g67tafba5
-
MD5
e3ed9dadf89ab9d1cfd468ac0aff67a8
-
SHA1
e9bed57ce527549f5b3b4e2f54f8ba903acfd3e3
-
SHA256
36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
-
SHA512
8c6755caf28c0e82303f87124dc2fb402bd41017230df7e6d339834225c3bf97de59660c9dfd55896e2f6fafd4b20ea03a5000657e0c9805496b05d8ac3cab53
Static task
static1
Behavioral task
behavioral1
Sample
36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c.exe
Resource
win10-en-20211208
Malware Config
Extracted
raccoon
1.8.4-hotfixs
Targets
-
-
Target
36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
Score
10/10
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-