General
Target: SKM_20012022.iso
Size: 84KB
Sample: 220120-rpks1aacd8
MD5: 99656e4fee1b27122a02a670da4d62c8
SHA1: a3edcde3caa652698ed0818152d7653ebd90b173
SHA256: 83d2b26d5261101ef765312c5eec9621f428f000f73ff27ff3f807c1a863d462
SHA512: ed220e76b0da13054cd99032de3d1ed0a347a2941fb1724d6de4e74f031cc8a63ab575793ebc62560d0f2043535be7f56890a97204b25fccc471c8e34f53b335
Static task: static1
Behavioral task: behavioral1
  Sample: SKM_20012022.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: SKM_20012022.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted: raccoon 1.8.5 (883444d23e24db829d7820cd9f825e2843a64421)
url4cnc:
Targets
Target: SKM_20012022.exe
Size: 22KB
MD5: 50a7d165ac7c5b1c27902c1ec9e8664a
SHA1: fd0d1a825d0b4162606b1651b9f35545dd024d01
SHA256: 72f4064c6ed879040bb5a91bfbcca2b4829739766dbc7c2d99b8631e5966242f
SHA512: 4327513f19034bf672c30e3e4f251eb60a1475b6c7b1eeb2e5cbdaebb22f1fc288b8474094f7df9aba9af4376ac00a9806c045081d611634690dfd6df9009e41
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext