General
-
Target
236be13da1fbc5df90fc4efdd180425976f0050e2eaa1629f0ecfdf166c4afd8
-
Size
27.2MB
-
Sample
220326-g16jqshbe8
-
MD5
67c7cfb965eceeaccdf39587df2c8cb5
-
SHA1
0ad007781742d033a428b32e1bd1e6e990bd43bb
-
SHA256
236be13da1fbc5df90fc4efdd180425976f0050e2eaa1629f0ecfdf166c4afd8
-
SHA512
338c46fbaada026e790401354de61d3845c32d2ffaab294e0c41ececc13608fc9cf2b18e26d19706e04fb3bb507c9665f7e1210bc20411e4a42156c7a5da56ef
Static task
static1
Behavioral task
behavioral1
Sample
236be13da1fbc5df90fc4efdd180425976f0050e2eaa1629f0ecfdf166c4afd8.exe
Resource
win7-20220311-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
236be13da1fbc5df90fc4efdd180425976f0050e2eaa1629f0ecfdf166c4afd8
-
Size
27.2MB
-
MD5
67c7cfb965eceeaccdf39587df2c8cb5
-
SHA1
0ad007781742d033a428b32e1bd1e6e990bd43bb
-
SHA256
236be13da1fbc5df90fc4efdd180425976f0050e2eaa1629f0ecfdf166c4afd8
-
SHA512
338c46fbaada026e790401354de61d3845c32d2ffaab294e0c41ececc13608fc9cf2b18e26d19706e04fb3bb507c9665f7e1210bc20411e4a42156c7a5da56ef
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-