General
-
Target
573507aa434e919608f3502c2817f98bd463f3d1610e26f2916898db4bd74a65
-
Size
23.9MB
-
Sample
220503-xzc4ssdber
-
MD5
2a7b925307080a43eddb3d524cb9e278
-
SHA1
9b921c9f66eff0227a5b0c3bf214c0a5dc22c77f
-
SHA256
573507aa434e919608f3502c2817f98bd463f3d1610e26f2916898db4bd74a65
-
SHA512
78a5aea6247bbdaefb971aa76ff2a7cf99b46d2c2e9dfd75f623fb50d3f7f47e6317cbd11bfe6bc8183526bfe6016f0f3dfa7a97c038020acc33be18894fad55
Malware Config
Extracted
raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
-
url4cnc
https://telete.in/jbitchsucks
Targets
-
-
Target
573507aa434e919608f3502c2817f98bd463f3d1610e26f2916898db4bd74a65
-
Size
23.9MB
-
MD5
2a7b925307080a43eddb3d524cb9e278
-
SHA1
9b921c9f66eff0227a5b0c3bf214c0a5dc22c77f
-
SHA256
573507aa434e919608f3502c2817f98bd463f3d1610e26f2916898db4bd74a65
-
SHA512
78a5aea6247bbdaefb971aa76ff2a7cf99b46d2c2e9dfd75f623fb50d3f7f47e6317cbd11bfe6bc8183526bfe6016f0f3dfa7a97c038020acc33be18894fad55
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-