General
-
Target
ddd8c18b11bd29f0d061464c357e20f8d9cc586e8abbcbc2f954f25bdc5968f3
-
Size
24.9MB
-
Sample
220327-y4fwxsghcn
-
MD5
d418bbd93bfc2cb53a5f21a9ec60b94f
-
SHA1
ccee5a8a47901f54171454a6f27d029ba93352f6
-
SHA256
ddd8c18b11bd29f0d061464c357e20f8d9cc586e8abbcbc2f954f25bdc5968f3
-
SHA512
e554a6e9e7e994e90f7104a21f1ef564c2fd807328e5ae5cc7197429fc4ebeeddf2e4cb4c1efd89ea55b257396e9dbea7f13aa17003fb86500dbb98f2a7160f2
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
ddd8c18b11bd29f0d061464c357e20f8d9cc586e8abbcbc2f954f25bdc5968f3
-
Size
24.9MB
-
MD5
d418bbd93bfc2cb53a5f21a9ec60b94f
-
SHA1
ccee5a8a47901f54171454a6f27d029ba93352f6
-
SHA256
ddd8c18b11bd29f0d061464c357e20f8d9cc586e8abbcbc2f954f25bdc5968f3
-
SHA512
e554a6e9e7e994e90f7104a21f1ef564c2fd807328e5ae5cc7197429fc4ebeeddf2e4cb4c1efd89ea55b257396e9dbea7f13aa17003fb86500dbb98f2a7160f2
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-