General
Target: 0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d
Size: 516KB
Sample: 220511-c7w7esdhf9
MD5: a77b9e35defc578f734e2d95f96e2a31
SHA1: f33bcfb0ee9d064b2f5bc55f3a0de16391af3aaa
SHA256: 0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d
SHA512: c456633dd2295f607e56570ce9ca7e424ba0273aa4c42589220eac2f77b603f74dc6184e638d2598bc0c384a140467c93222e9d8ee29b6b56369dced2a8d9e0a
Static task: static1
Behavioral task: behavioral1
Sample: 0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
raccoon
87602aad8b4abffeb6a1ca955b58feb09879eb88
url4cnc: https://telete.in/jhummybear11
Targets
Raccoon Stealer Payload
Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
Drops startup file
Suspicious use of SetThreadContext