General
-
Target
22556e32f2ab3ac40ce2c5ce4d4198ede989b1ebd8674faead4d370bf9236029
-
Size
29.2MB
-
Sample
220417-r2xckabad9
-
MD5
5a878b9b2088c63c9b22de5ec3d58b69
-
SHA1
c23ec8e2ccbf7167fcc5ed2daafa2d7d5a2b4d02
-
SHA256
22556e32f2ab3ac40ce2c5ce4d4198ede989b1ebd8674faead4d370bf9236029
-
SHA512
17809b4771b90e417449264955b27660e5fe33f0749f111b68cf276734eaece087579b6242dcc564f66c01fb0a482b3e25856cf7a89f071fa2924b5c0c29bf53
Static task
static1
Behavioral task
behavioral1
Sample
22556e32f2ab3ac40ce2c5ce4d4198ede989b1ebd8674faead4d370bf9236029.exe
Resource
win7-20220414-en
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
22556e32f2ab3ac40ce2c5ce4d4198ede989b1ebd8674faead4d370bf9236029
-
Size
29.2MB
-
MD5
5a878b9b2088c63c9b22de5ec3d58b69
-
SHA1
c23ec8e2ccbf7167fcc5ed2daafa2d7d5a2b4d02
-
SHA256
22556e32f2ab3ac40ce2c5ce4d4198ede989b1ebd8674faead4d370bf9236029
-
SHA512
17809b4771b90e417449264955b27660e5fe33f0749f111b68cf276734eaece087579b6242dcc564f66c01fb0a482b3e25856cf7a89f071fa2924b5c0c29bf53
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-