General
-
Target
a9585036fb194b6bf77d10a73b4c33eb5bc9623c074185ffa4b36bfd39b485ef
-
Size
29.8MB
-
Sample
220319-xw7h8sgfe6
-
MD5
5a9cd2770be2f225e1fc21b07f2fc9e0
-
SHA1
b056b491dc02dc03ef5e01db5712a872ba4de15c
-
SHA256
a9585036fb194b6bf77d10a73b4c33eb5bc9623c074185ffa4b36bfd39b485ef
-
SHA512
184771977416f0923ff8c76f7dfcd210898d055bccf481b033ba34d44a846ea87de7eff5dcec3fa11efeaaca5ef25004797b809d921f6b7933167945cbde7cb4
Static task
static1
Behavioral task
behavioral1
Sample
a9585036fb194b6bf77d10a73b4c33eb5bc9623c074185ffa4b36bfd39b485ef.exe
Resource
win7-20220310-en
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
a9585036fb194b6bf77d10a73b4c33eb5bc9623c074185ffa4b36bfd39b485ef
-
Size
29.8MB
-
MD5
5a9cd2770be2f225e1fc21b07f2fc9e0
-
SHA1
b056b491dc02dc03ef5e01db5712a872ba4de15c
-
SHA256
a9585036fb194b6bf77d10a73b4c33eb5bc9623c074185ffa4b36bfd39b485ef
-
SHA512
184771977416f0923ff8c76f7dfcd210898d055bccf481b033ba34d44a846ea87de7eff5dcec3fa11efeaaca5ef25004797b809d921f6b7933167945cbde7cb4
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-