General
-
Target
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e
-
Size
12.8MB
-
Sample
220419-cymavsgaer
-
MD5
6bd3725af2856133e2809e21747cabe6
-
SHA1
348224efe0b0d577e07a8a7e485dd24478d9bc7a
-
SHA256
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e
-
SHA512
bebef876018daebda078925def106668d7943aeab32dca866cae9358e80b204ae031c85fc87a5a653bd389d298c7334c9d841491498b4e65e15c828c64f34536
Static task
static1
Behavioral task
behavioral1
Sample
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
raccoon
1.7.1-hotfix
0422feff6c251ddfdca83125d9b8ae570db3b316
-
url4cnc
https://telete.in/jbitchsucks
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e
-
Size
12.8MB
-
MD5
6bd3725af2856133e2809e21747cabe6
-
SHA1
348224efe0b0d577e07a8a7e485dd24478d9bc7a
-
SHA256
812ea89ccfa0ed7c19abdac4729adbb60745451bd92cb2d71f478bf9b0be944e
-
SHA512
bebef876018daebda078925def106668d7943aeab32dca866cae9358e80b204ae031c85fc87a5a653bd389d298c7334c9d841491498b4e65e15c828c64f34536
-
Modifies security service
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-