General
-
Target
37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
-
Size
3.1MB
-
Sample
220626-a18wjaadfn
-
MD5
c636b54acee32b73df5496427dc12c09
-
SHA1
378fdf29f46c9472c740337b8049939530fad63e
-
SHA256
37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
-
SHA512
a4f4e203f46f41b4ca20e73466bb39ca4951b240dd0bbef2250775006d8de9af2270b3c7643a7a009592f8e71d712965142c216b2586b2a97791580b017355ca
Malware Config
Extracted
raccoon
1.7.3
9afb493c6f82d08075dbbfa7d93ce97f1dbf4733
-
url4cnc
https://tttttt.me/antitantief3
Targets
-
-
Target
37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
-
Size
3.1MB
-
MD5
c636b54acee32b73df5496427dc12c09
-
SHA1
378fdf29f46c9472c740337b8049939530fad63e
-
SHA256
37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
-
SHA512
a4f4e203f46f41b4ca20e73466bb39ca4951b240dd0bbef2250775006d8de9af2270b3c7643a7a009592f8e71d712965142c216b2586b2a97791580b017355ca
Score10/10-
FFDroider
Stealer targeting social media platform users first seen in April 2022.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-