General
Target: 0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
Size: 11.9MB
Sample: 220511-28yjbafccl
MD5: ae44cb5905231939a38e31a32f521ec0
SHA1: bf1b665e2f791b924d9015262c8d6e16b71cb548
SHA256: 0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
SHA512: 34381d4fe7553e3325518bd85582f13d40db59f3bdecea18d1b2abea4b01816bcc325bfb693d0c5f9cb38786d000d4fa4938b56b968ab1fe614be7554dc82e3f
Static task: static1
Behavioral task: behavioral1
Sample: 0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c.exe
Resource: win7-20220414-en
Malware Config
Extracted: raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
- Modifies security service
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext