General
Target: d48685cf79e5ad02938f6cb1865d6ef478d8c2fe606ec68bc9f6ac8a5ff2e1ec
Size: 16.1MB
Sample: 220330-lqnndsffel
MD5: 97184d3791b7f05b0bd9ae8c03b362a3
SHA1: 32360627f708975b0d7b1c950529b50716c95490
SHA256: d48685cf79e5ad02938f6cb1865d6ef478d8c2fe606ec68bc9f6ac8a5ff2e1ec
SHA512: b9def6a9f7059c0d3e38638411ad812f7135d1bc198e901242f2d4dcc88b0dc94cc7f149cb0f105383274cbce5133a129b9190e5649b5e17b94ac2550813d32b
Static task: static1
Behavioral task: behavioral1
Sample: d48685cf79e5ad02938f6cb1865d6ef478d8c2fe606ec68bc9f6ac8a5ff2e1ec.exe
Resource: win7-20220331-en
Malware Config
Extracted:
- raccoon
- 1.7.1-hotfix
- 5eaa41b3101d5537f786a35da1878f0d1d760e53
- url4cnc: https://telete.in/jbitchsucks
Targets
- Modifies security service
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext