General
-
Target
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316
-
Size
16.3MB
-
Sample
220325-29x9yaddg8
-
MD5
3d15320984eaa8f6e04b0ff5b5df1e6c
-
SHA1
bc9dae6bc1f6908ae5c1ca1525a026103ba5825b
-
SHA256
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316
-
SHA512
3dadb99c5222843069b1b287001be2097b86efd40182cb3131df63926b9e7c53235c80133853be0ec71793e4d82d41337658125013a481b88faf7cc51c85d16a
Static task
static1
Behavioral task
behavioral1
Sample
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316
-
Size
16.3MB
-
MD5
3d15320984eaa8f6e04b0ff5b5df1e6c
-
SHA1
bc9dae6bc1f6908ae5c1ca1525a026103ba5825b
-
SHA256
369f0cf17ebf1d3ec9c40d08a760910eeb18687dca3e96c71dee12b877b90316
-
SHA512
3dadb99c5222843069b1b287001be2097b86efd40182cb3131df63926b9e7c53235c80133853be0ec71793e4d82d41337658125013a481b88faf7cc51c85d16a
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-