General
-
Target
28629036af02ad806fab67ef702c260187d273482d49b335c3b9a6d143644c43
-
Size
27.3MB
-
Sample
220319-p5pqsaacf5
-
MD5
2e6b29ba00dc1463017ab4ad4fbc26ef
-
SHA1
e32227ee8f05e409cb03cc7e2a9391428f9c1377
-
SHA256
28629036af02ad806fab67ef702c260187d273482d49b335c3b9a6d143644c43
-
SHA512
f31735b5885b987e3dfee05601f234b4fd994d79c655366e52fc8288a2e3ff70b91faa4294d1e01229293e05d326a4230d67324746ab329d1c16b7fd1309d901
Static task
static1
Behavioral task
behavioral1
Sample
28629036af02ad806fab67ef702c260187d273482d49b335c3b9a6d143644c43.exe
Resource
win7-20220310-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
28629036af02ad806fab67ef702c260187d273482d49b335c3b9a6d143644c43
-
Size
27.3MB
-
MD5
2e6b29ba00dc1463017ab4ad4fbc26ef
-
SHA1
e32227ee8f05e409cb03cc7e2a9391428f9c1377
-
SHA256
28629036af02ad806fab67ef702c260187d273482d49b335c3b9a6d143644c43
-
SHA512
f31735b5885b987e3dfee05601f234b4fd994d79c655366e52fc8288a2e3ff70b91faa4294d1e01229293e05d326a4230d67324746ab329d1c16b7fd1309d901
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-