General
Target: 5380339dce6f8040d5978ff453e9bc97dc621887e22d4ac80a00fe38c2ed1d03
Size: 28.9MB
Sample: 220508-s3k7cseael
MD5: 08ad3edb11e3b0c511e979c8105faaee
SHA1: 687cb2f37095fb79531a950a1eef9b80945dbd83
SHA256: 5380339dce6f8040d5978ff453e9bc97dc621887e22d4ac80a00fe38c2ed1d03
SHA512: b6e7aea4ddaf3a0504a937a0deef27d5e03e839c4aa611a1bb2ff3bd20fece2bba62a629c26a136329d56696290b61b31327d5e22d0c7fa6d7e1a5352a59cf52
Static task: static1
Behavioral task: behavioral1
Sample: 5380339dce6f8040d5978ff453e9bc97dc621887e22d4ac80a00fe38c2ed1d03.exe
Resource: win7-20220414-en
Malware Config
Extracted: raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 5380339dce6f8040d5978ff453e9bc97dc621887e22d4ac80a00fe38c2ed1d03
- Modifies security service
- Raccoon Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Suspicious use of SetThreadContext