General
Target: Setup_Pass_1234.exe
Size: 4.5MB
Sample: 220310-lat58sheaj
MD5: d1b14aa9c41b1fb168f0a33f8da66653
SHA1: 4969e9aa47972168ef618363e1b987287379bc7b
SHA256: 948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267
SHA512: a760fea05bc71e520350fbbf30239fb3902769d2ce8cdf88f56f29b7ed82fb8d2fd6ad2eab80db03be8784eaf04945e896f473c9c87c49ea550a1d579c47750d
Static task: static1
Behavioral task: behavioral1
  Sample: Setup_Pass_1234.exe
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: Setup_Pass_1234.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
raccoon
231a2bef03530ea1eb31f9ad27af7d488aca1ee8
url4cnc:
  http://85.159.212.113/sibiusio
  http://185.163.204.81/sibiusio
  http://194.180.191.33/sibiusio
  http://174.138.11.98/sibiusio
  http://194.180.191.44/sibiusio
  http://91.219.236.120/sibiusio
  https://t.me/sibiusio
Targets
Target: Setup_Pass_1234.exe
Size: 4.5MB
MD5: d1b14aa9c41b1fb168f0a33f8da66653
SHA1: 4969e9aa47972168ef618363e1b987287379bc7b
SHA256: 948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267
SHA512: a760fea05bc71e520350fbbf30239fb3902769d2ce8cdf88f56f29b7ed82fb8d2fd6ad2eab80db03be8784eaf04945e896f473c9c87c49ea550a1d579c47750d
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
Suspicious use of SetThreadContext