General
-
Target
c6685e7164454ed843a6c63bb7566cb5c2a9f83560a44b6650895ee0d8d022cc
-
Size
29.7MB
-
Sample
220328-v3ytkacfb3
-
MD5
0e9ab7f4dcb305c6bd6edf4e30c149e7
-
SHA1
1ffaa8faf1f3ac493657334c8c0260aa8a3d59b0
-
SHA256
c6685e7164454ed843a6c63bb7566cb5c2a9f83560a44b6650895ee0d8d022cc
-
SHA512
46ff2ad842ffd8d1bba6b3ad3ca01a1829f180145ebc457c7fa626b3ef47dcbcf9e4e67367f4470eb78387ccee602e31a9fba2f1a274fb979020fe0c9621dd00
Static task
static1
Behavioral task
behavioral1
Sample
c6685e7164454ed843a6c63bb7566cb5c2a9f83560a44b6650895ee0d8d022cc.exe
Resource
win7-20220311-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
5eaa41b3101d5537f786a35da1878f0d1d760e53
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
c6685e7164454ed843a6c63bb7566cb5c2a9f83560a44b6650895ee0d8d022cc
-
Size
29.7MB
-
MD5
0e9ab7f4dcb305c6bd6edf4e30c149e7
-
SHA1
1ffaa8faf1f3ac493657334c8c0260aa8a3d59b0
-
SHA256
c6685e7164454ed843a6c63bb7566cb5c2a9f83560a44b6650895ee0d8d022cc
-
SHA512
46ff2ad842ffd8d1bba6b3ad3ca01a1829f180145ebc457c7fa626b3ef47dcbcf9e4e67367f4470eb78387ccee602e31a9fba2f1a274fb979020fe0c9621dd00
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-