General
Target: a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
Size: 24.1MB
Sample: 220309-cxrh7afbgl
MD5: d6ecdc8b02968b28ba4a1822cb2c13d8
SHA1: 97c70c98cc01b6a3aa9f145ce5316963a6630ddd
SHA256: a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
SHA512: 8c7b84c07ac74c84ecc1aa4f500ed9776c4d906728cde36e6d4b66398337057ed49324071095b4fb0cf1dc4d93fa011666dfc0f039a4ee5a7cad9994221f06fb
Static task: static1
Behavioral task: behavioral1
Sample: a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: raccoon
Version: 1.7.1-hotfix
Unlabeled value: 5eaa41b3101d5537f786a35da1878f0d1d760e53
url4cnc: https://telete.in/jbitchsucks (Telegram web-mirror page from which the stealer reads its actual C2 address; a dead-drop resolver, not the C2 host itself, so block and hunt on both)
Targets
Target: a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
- Modifies security service
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software: detects a file packed with the ACProtect protector.
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample decides whether to run based on the victim's configured region).
- Loads dropped DLL
- Suspicious use of SetThreadContext: an API commonly used to redirect execution in a suspended process (process hollowing / thread hijacking style injection).
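A small parser for this flattened report layout, as an added example that is not the sandbox's own code: it folds the key / value / "-" lines into fields, keeps the first copy of the hashes that the Targets block repeats, checks that every digest is well-formed hex of the right length and that the Target name equals the SHA256, and pulls out the indicators an analyst would forward (hashes, family and version, the url4cnc dead-drop host, and whether a geofence check was flagged). The embedded REPORT is a constructed, abridged copy of the lines on this page; the rule that a signature's description is the following line ending in "." is an assumption drawn from how the page lays the signatures out.

```python
"""Parse a flattened sandbox report (key / value / '-' layout) into checked IOCs."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed input: an abridged copy of this page's lines, same layout.
REPORT = """\
General
Target
a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
-
MD5
d6ecdc8b02968b28ba4a1822cb2c13d8
SHA1
97c70c98cc01b6a3aa9f145ce5316963a6630ddd
SHA256
a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
SHA512
8c7b84c07ac74c84ecc1aa4f500ed9776c4d906728cde36e6d4b66398337057ed49324071095b4fb0cf1dc4d93fa011666dfc0f039a4ee5a7cad9994221f06fb
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
Target
a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext
"""

FIELDS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "Resource", "url4cnc"}
SECTIONS = {"General": "general", "Malware Config": "config",
            "Extracted": "config", "Targets": "targets"}
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"[0-9a-f]+")

def parse_report(text: str) -> Dict[str, object]:
    """Fold the flattened lines into fields, bare config values and signatures."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    fields: Dict[str, str] = {}
    config: List[str] = []
    sigs: List[Tuple[str, Optional[str]]] = []
    section, i = "general", 0
    while i < len(lines):
        ln = lines[i]
        if ln in SECTIONS:
            section = SECTIONS[ln]
        elif ln in FIELDS and i + 1 < len(lines):
            fields.setdefault(ln, lines[i + 1])  # Targets repeats General: keep first copy
            i += 1
        elif section == "config":
            config.append(ln)  # bare values: family, version, unlabeled key
        elif section == "targets":
            # Assumption: a signature's description is the next line that ends in '.'
            desc = None
            if i + 1 < len(lines) and lines[i + 1].endswith(".") and lines[i + 1] not in FIELDS:
                desc, i = lines[i + 1], i + 1
            sigs.append((ln, desc))
        i += 1
    return {"fields": fields, "config": config, "signatures": sigs}

def check_hashes(fields: Dict[str, str]) -> List[str]:
    """Problems found: malformed digests, or a Target name that is not the SHA256."""
    problems = []
    for name, length in HASH_LENGTHS.items():
        value = fields.get(name, "").lower()
        if len(value) != length or not HEX_RE.fullmatch(value):
            problems.append(f"{name}: malformed digest {value!r}")
    if fields.get("Target") != fields.get("SHA256"):
        problems.append("Target name does not match SHA256")
    return problems

def extract_iocs(parsed: Dict[str, object]) -> Dict[str, object]:
    """Indicators worth forwarding: hash, family/version, dead-drop host, geofence flag."""
    f, cfg, sigs = parsed["fields"], parsed["config"], parsed["signatures"]
    url = f.get("url4cnc")
    return {
        "sha256": f.get("SHA256"),
        "family": cfg[0] if cfg else None,
        "version": cfg[1] if len(cfg) > 1 else None,
        # url4cnc is the page the stealer reads its C2 from, so its host is a network IOC
        "dead_drop_host": urlparse(url).hostname if url else None,
        "geofenced": any(n == "Checks computer location settings" for n, _ in sigs),
    }

if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(check_hashes(parsed["fields"]) or "hashes consistent")
    print(extract_iocs(parsed))
```

Feeding the full page through `parse_report` rather than the abridged copy gives the same fields; `check_hashes` is the step worth keeping in any ingestion pipeline, since a report whose Target name and SHA256 disagree, or whose digests are truncated, should be rejected before its hashes reach a blocklist.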