General
Target: 88cef5feef42f61f722f8c37d67a7d0f6fd8073b976c045dae0b73dfad9aac14
Size: 23.9MB
Sample: 220417-r2ccdsbac7
MD5: 512745955fe5608959d3fc199ac9dc31
SHA1: d0664644bdc26a8116eea76baf34f30e19d1d3a5
SHA256: 88cef5feef42f61f722f8c37d67a7d0f6fd8073b976c045dae0b73dfad9aac14
SHA512: fa7a77f4532df75c00c9e13351086578ae43efd618c984778f3eb88b2570661f30f0004267aa7ee165df0bb0f04b176a8def1a57250edfd7d50bec1770f1e857
Static task: static1
Behavioral task: behavioral1
Sample: 88cef5feef42f61f722f8c37d67a7d0f6fd8073b976c045dae0b73dfad9aac14.exe
Resource: win7-20220414-en

Malware Config
Extracted: raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 88cef5feef42f61f722f8c37d67a7d0f6fd8073b976c045dae0b73dfad9aac14
- Modifies security service
- Raccoon Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext