General
-
Target
dfcb79e9e1635f5144567723a0754726cd0f79d2650bbd205f2750f08e7c60f8
-
Size
22.5MB
-
Sample
220309-csyrpsfbdl
-
MD5
dabf069841992626901963173a7a2c5e
-
SHA1
5a0e907f29c9689d38a10f659762e0821f0a17f1
-
SHA256
dfcb79e9e1635f5144567723a0754726cd0f79d2650bbd205f2750f08e7c60f8
-
SHA512
dddf860c221ae63347557d9e09501df7c5152b0b6877b4c33b53777e9feb90880cc9987ebdb9f4aa98154904d8a609aec2944a80f4124403f4ea957b7e3bb449
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
dfcb79e9e1635f5144567723a0754726cd0f79d2650bbd205f2750f08e7c60f8
-
Size
22.5MB
-
MD5
dabf069841992626901963173a7a2c5e
-
SHA1
5a0e907f29c9689d38a10f659762e0821f0a17f1
-
SHA256
dfcb79e9e1635f5144567723a0754726cd0f79d2650bbd205f2750f08e7c60f8
-
SHA512
dddf860c221ae63347557d9e09501df7c5152b0b6877b4c33b53777e9feb90880cc9987ebdb9f4aa98154904d8a609aec2944a80f4124403f4ea957b7e3bb449
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-