General
-
Target
7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
-
Size
7.5MB
-
Sample
220320-bh6h5adghr
-
MD5
880fb4689a9b08d4c3e7e2c432608949
-
SHA1
beecf5c8ff73c04a0ac94a47cab805876c7fbadf
-
SHA256
7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
-
SHA512
8341a4320428f64795b3b2a4171e852a1e894dbf9999c3f43db40198e0ea6330226d9d6377efcf3cf6c18a1c3e7d922946707c7bfc8a92908db3dccd476f9bbf
Static task
static1
Behavioral task
behavioral1
Sample
7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2.exe
Resource
win7-20220310-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
-
Size
7.5MB
-
MD5
880fb4689a9b08d4c3e7e2c432608949
-
SHA1
beecf5c8ff73c04a0ac94a47cab805876c7fbadf
-
SHA256
7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
-
SHA512
8341a4320428f64795b3b2a4171e852a1e894dbf9999c3f43db40198e0ea6330226d9d6377efcf3cf6c18a1c3e7d922946707c7bfc8a92908db3dccd476f9bbf
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-