General
Target: 244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
Size: 6.1MB
Sample: 220327-d4qe5scgb7
MD5: c859fb3bca9940a5768c6f30ddf7fc68
SHA1: 2706e6c0db0b097d53e442f571d574152822e7a4
SHA256: 244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
SHA512: 286a517137f9759d04d8b50b3ac685a59c29a83f3a1027ff6f3c586b9b06e20e104b7230a7ddfc25fc63ed92692a7b03d9a75a2cd5a859803300bafc9ed2cc48
Static task: static1
Behavioral task: behavioral1
Sample: 244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d.exe
Resource: win7-20220331-en

Malware Config
Extracted: raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
- Modifies security service
- Raccoon Stealer Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext