General
Target: a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
Size: 21.3MB
Sample: 220419-cst4hsbdb5
MD5: a2c4b05a18fae87bf93ee0952e4dd87e
SHA1: a797967d964d4af37624a8f4140338cee59f0b04
SHA256: a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
SHA512: 66743faa10b11e4964592b9bd1cd065f92da649caec5ad9b895a9227db55bb6ba7dcebe2f01359d46816a2542fa4bf58aa24c6fa75648c9b6e05d9a765b0c119
Static task: static1
Behavioral task: behavioral1
Sample: a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0.exe
Resource: win7-20220414-en

Malware Config
Extracted
raccoon
1.7.1-hotfix
0422feff6c251ddfdca83125d9b8ae570db3b316
url4cnc: https://telete.in/jbitchsucks
Targets
Target: a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
- Modifies security service
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext