General
- Target: a3b879761be898f958456279f0ad23686c234643d7ee6f9407d4663bb0869053
- Size: 21.8MB
- Sample: 220508-s3dsaabaa8
- MD5: 944b5f9027c27fb6be138b79429286a2
- SHA1: 1c33941fe505490833b7691b34ebd3c40f3cee1a
- SHA256: a3b879761be898f958456279f0ad23686c234643d7ee6f9407d4663bb0869053
- SHA512: d390d84fe7cacd5506c4812e77d2a35314408e6864f73f812a813e51d5f470844deab13125cc0a0d840064ab0a78fe7c691e730c5b0e33ac2952a5191c644333
Static task: static1
Behavioral task: behavioral1
- Sample: a3b879761be898f958456279f0ad23686c234643d7ee6f9407d4663bb0869053.exe
- Resource: win7-20220414-en
Malware Config
Extracted: raccoon
- c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
- url4cnc: https://telete.in/jbitchsucks
Targets
- Target: a3b879761be898f958456279f0ad23686c234643d7ee6f9407d4663bb0869053
- Size: 21.8MB
- MD5: 944b5f9027c27fb6be138b79429286a2
- SHA1: 1c33941fe505490833b7691b34ebd3c40f3cee1a
- SHA256: a3b879761be898f958456279f0ad23686c234643d7ee6f9407d4663bb0869053
- SHA512: d390d84fe7cacd5506c4812e77d2a35314408e6864f73f812a813e51d5f470844deab13125cc0a0d840064ab0a78fe7c691e730c5b0e33ac2952a5191c644333
- Modifies security service
- Raccoon Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext