General
Target: ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
Size: 23.2MB
Sample: 220419-cta22afgem
MD5: c10573770859062893e7a2baec3c2a32
SHA1: bbe7f6c5d1dbba6a46d55f16f81734f9518b8f92
SHA256: ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
SHA512: 7087ffa1ebaa3e79111ed88c08866fddd99222237719d798759881f6417acbea12ddcee63b2f6018f25c82a71e94d47a8e7d04b7c382e708d507659f1ed3255f
Static task: static1
Behavioral task: behavioral1
Sample: ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3.exe
Resource: win7-20220414-en
Malware Config
Extracted:
raccoon
1.7.1-hotfix
0422feff6c251ddfdca83125d9b8ae570db3b316
url4cnc: https://telete.in/jbitchsucks
Targets
Target: ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
- Modifies security service
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext