General
-
Target
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e
-
Size
13.9MB
-
Sample
220309-czl2gscdh5
-
MD5
6da60459b3c36ef50295b51e4964f764
-
SHA1
648acc1d53cc5b31515b7d6852e5801b9777e0f9
-
SHA256
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e
-
SHA512
e55a118239682cab07584542244700f6cce7376040d76806ad426cda5decb676810e43870302c24597dd4c0f0df148e880b7c45c24bb5e5887541de91a12050c
Static task
static1
Behavioral task
behavioral1
Sample
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
raccoon
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e
-
Size
13.9MB
-
MD5
6da60459b3c36ef50295b51e4964f764
-
SHA1
648acc1d53cc5b31515b7d6852e5801b9777e0f9
-
SHA256
5e0e25bc05364316943ad352acb3b502ed6c0052093967e3a10dcbdb5fcdf17e
-
SHA512
e55a118239682cab07584542244700f6cce7376040d76806ad426cda5decb676810e43870302c24597dd4c0f0df148e880b7c45c24bb5e5887541de91a12050c
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-