General
-
Target
9c127b5d28ace094898a3682577fb269b1ae578727e79688c8b763953f1212a9
-
Size
27.1MB
-
Sample
220328-srjt6affak
-
MD5
ce84ce6fc120574a626dc6609b9ffba7
-
SHA1
24a7d8e1e0e23e40dbec6e4c648a6624cdcfbade
-
SHA256
9c127b5d28ace094898a3682577fb269b1ae578727e79688c8b763953f1212a9
-
SHA512
0fe4881e238d55863c48118ce30275f8ca302f6355a77869fa70b77ce4724db9145d7933be5918d32e1423344bc9a0b2ecd5a1f635fee1f11d37dce6407cc7a9
Static task
static1
Behavioral task
behavioral1
Sample
9c127b5d28ace094898a3682577fb269b1ae578727e79688c8b763953f1212a9.exe
Resource
win7-20220310-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
9c127b5d28ace094898a3682577fb269b1ae578727e79688c8b763953f1212a9
-
Size
27.1MB
-
MD5
ce84ce6fc120574a626dc6609b9ffba7
-
SHA1
24a7d8e1e0e23e40dbec6e4c648a6624cdcfbade
-
SHA256
9c127b5d28ace094898a3682577fb269b1ae578727e79688c8b763953f1212a9
-
SHA512
0fe4881e238d55863c48118ce30275f8ca302f6355a77869fa70b77ce4724db9145d7933be5918d32e1423344bc9a0b2ecd5a1f635fee1f11d37dce6407cc7a9
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-