General
  Target: f016a28d496d817cca1628b89023f6b8
  Size: 711KB
  Sample: 220226-xcb8zscgcl
  MD5: f016a28d496d817cca1628b89023f6b8
  SHA1: 4f88895fc80b09972e1076da0d3bfae30323ce5e
  SHA256: 4e44bb177a3084e4475796d79a2f0c356a29953bd4f4ce8385e6098502d5ea31
  SHA512: 080b72bb5ba2d3ef5d8964bc9075bdcc6aa478d63b9570ef9261478bd9705b1cfb69d644c9f9fa5d60a30fc167904250600f7227bd0ea0b5ef6b082924af15df

Static task: static1

Behavioral task: behavioral1
  Sample: f016a28d496d817cca1628b89023f6b8.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: f016a28d496d817cca1628b89023f6b8.exe
  Resource: win10v2004-en-20220113

Malware Config
  Extracted: raccoon
  1c0fad6805a0f65d7b597130eb9f089ffbe9857d
  url4cnc:
    http://194.180.191.241/capibar
    http://103.155.93.35/capibar
    https://t.me/capibar
Targets
  Suspicious use of NtCreateProcessExOtherParentProcess
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  Suspicious use of SetThreadContext