General
- Target: 7949bf47c55cb339d550fec6894d1d4705923c1667798bfe9b5adb7a5871efd1
- Size: 8.7MB
- Sample: 220419-cyxrlagagl
- MD5: 5cb6b5c313be5f64cb6674a947dfed25
- SHA1: b0e4e82bb29ab7b466d1b55836f69b69bd6413ab
- SHA256: 7949bf47c55cb339d550fec6894d1d4705923c1667798bfe9b5adb7a5871efd1
- SHA512: 116dc5cc4e3e256a1183825fdac27c12f968f072788cfb5d1ed6620b1d2e84cab5d5d3dca227d11ba3076bbd5b9e03ff3779d530dd6e207c680551ade4dd1795
Static task: static1
Behavioral task: behavioral1
- Sample: 7949bf47c55cb339d550fec6894d1d4705923c1667798bfe9b5adb7a5871efd1.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 7949bf47c55cb339d550fec6894d1d4705923c1667798bfe9b5adb7a5871efd1.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: raccoon
- Version: 1.7.1-hotfix
- Botnet: 0422feff6c251ddfdca83125d9b8ae570db3b316
- url4cnc: https://telete.in/jbitchsucks
Targets
- Modifies security service
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext