General
- Target: 116174e4a008581dd7d50dcddaf8d9f110c9be6861015d48d6a672e71ecaee8a
- Size: 5.5MB
- Sample: 220419-dck2cacbd5
- MD5: 454d5e18e6611f5176234a877c7217fe
- SHA1: ab8561630f86501cbf8241d8ab2a6a0cb019f8ba
- SHA256: 116174e4a008581dd7d50dcddaf8d9f110c9be6861015d48d6a672e71ecaee8a
- SHA512: 3199487e95110612612f9fbc68d1ff7d3ded4c09f72c4999905cf4d84c0c966fecf74798a91971f2496c5143c150fefe4070d826541a834c4e8a3c57d7e9f475
- Static task: static1
- Behavioral task: behavioral1
- Sample: 116174e4a008581dd7d50dcddaf8d9f110c9be6861015d48d6a672e71ecaee8a.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: raccoon
- 1.7.1-hotfix
- 0422feff6c251ddfdca83125d9b8ae570db3b316
- url4cnc: https://telete.in/jbitchsucks
Targets
- Target: 116174e4a008581dd7d50dcddaf8d9f110c9be6861015d48d6a672e71ecaee8a
- Raccoon Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of SetThreadContext