General
-
Target
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
Size
3.2MB
-
Sample
220511-3al83acfd9
-
MD5
e5f1ff0079899d0074b78e701e7ec8fe
-
SHA1
e9857d834d20f5909ea4a88ed58eb2bd0eceaa8b
-
SHA256
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
SHA512
c980906d9ff1ea9229e50d000e99bea1e4ced00c17e3aa632d904334cd2f6ee05e89ad9d02b6782fc7b056139e382a9c986c7528632122ab347d5d488aeec5c4
Static task
static1
Behavioral task
behavioral1
Sample
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
raccoon
7cd91e2e3ebf0259fe71e3eab9e1666577e3d950
-
url4cnc
https://telete.in/hcatknife
Targets
-
-
Target
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
Size
3.2MB
-
MD5
e5f1ff0079899d0074b78e701e7ec8fe
-
SHA1
e9857d834d20f5909ea4a88ed58eb2bd0eceaa8b
-
SHA256
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
SHA512
c980906d9ff1ea9229e50d000e99bea1e4ced00c17e3aa632d904334cd2f6ee05e89ad9d02b6782fc7b056139e382a9c986c7528632122ab347d5d488aeec5c4
-
Raccoon Stealer Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-