General
-
Target
fe470cc413832c123ad22bbfc1c4d5ba7762e9d23fd160ecbbcdffd3caadf947
-
Size
12.3MB
-
Sample
220327-1962eadfc6
-
MD5
601c098a1dfd3f8362cfaf5580e0a876
-
SHA1
7bcd26e0f2d452fba0f4be6e4439314a82248be7
-
SHA256
fe470cc413832c123ad22bbfc1c4d5ba7762e9d23fd160ecbbcdffd3caadf947
-
SHA512
942468e4617a1413ffb96ae3af1e9beb88e4e464f264bb497b59c78ad577a5bfd440aa8a3e53cd8c1b9ad1c9eb35298749a1b9b00d4f00f0a7762336b048af0b
Static task
static1
Behavioral task
behavioral1
Sample
fe470cc413832c123ad22bbfc1c4d5ba7762e9d23fd160ecbbcdffd3caadf947.exe
Resource
win7-20220331-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
fe470cc413832c123ad22bbfc1c4d5ba7762e9d23fd160ecbbcdffd3caadf947
-
Size
12.3MB
-
MD5
601c098a1dfd3f8362cfaf5580e0a876
-
SHA1
7bcd26e0f2d452fba0f4be6e4439314a82248be7
-
SHA256
fe470cc413832c123ad22bbfc1c4d5ba7762e9d23fd160ecbbcdffd3caadf947
-
SHA512
942468e4617a1413ffb96ae3af1e9beb88e4e464f264bb497b59c78ad577a5bfd440aa8a3e53cd8c1b9ad1c9eb35298749a1b9b00d4f00f0a7762336b048af0b
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-