General

Target: 37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
Size: 3.1MB
Sample: 220626-a18wjaadfn
MD5: c636b54acee32b73df5496427dc12c09
SHA1: 378fdf29f46c9472c740337b8049939530fad63e
SHA256: 37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c
SHA512: a4f4e203f46f41b4ca20e73466bb39ca4951b240dd0bbef2250775006d8de9af2270b3c7643a7a009592f8e71d712965142c216b2586b2a97791580b017355ca

Static task: static1
Behavioral task: behavioral1
Sample: 37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: raccoon
Version: 1.7.3
Botnet ID: 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733
url4cnc: https://tttttt.me/antitantief3

url4cnc is the page the stealer fetches at start-up to learn its live C2 address: a Telegram channel (here antitantief3) whose public description carries the encoded C2 value, reached through tttttt.me, a Telegram web front-end, rather than t.me itself. Block or alert on the front-end domains as well as t.me, and treat the channel name rather than the host as the durable indicator, since the operator can move between front-ends without touching the sample.
Targets

Target: 37064910d05f95e154851a0ec2c22c35b7d2463a592942b6032030a5a95eab7c (the submitted file; size and hashes as listed under General)
Signatures

- Raccoon Stealer Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with a parent other than the process that actually called NtCreateUserProcess (parent-PID spoofing), so the parent shown in Security log 4688 events and in most process-tree views is not the true creator.
- Nirsoft: NirSoft password-recovery tooling is present in or dropped by the sample; it is widely used by stealers to harvest saved credentials.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. The sandbox records only the read, not which branch the sample took afterwards, so a run in a non-targeted locale can still look complete.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2: the Telegram channel page given as url4cnc in the extracted config.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service, so pull the host from the network capture before adding it to a block list.
- Suspicious use of SetThreadContext: the sample rewrites the context of a thread in another process, the usual step in process hollowing or thread-hijack injection.
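The signature names above are terse, so the following is an added example (not Triage's own code, and not code from the sample) that re-implements the behavioural ones as explicit rules over a stream of sandbox events. The event schema (dicts keyed by `type`), the registry paths, the lists of IP-echo and Telegram front-end hosts, and `SAMPLE_EVENTS` are all constructed for the illustration; the url4cnc value is the one from this report.

```python
"""Added example (not Triage's own code): the behavioural signatures from the
report above, re-implemented as rules over a stream of sandbox events so the
logic behind each name is explicit. The event schema (dicts with a 'type' key)
and SAMPLE_EVENTS are constructed for this illustration."""
from urllib.parse import urlparse

# Registry values holding the configured country (GeoID); reading them is what
# "Checks computer location settings" keys on. Paths are the author's assumption.
GEO_KEYS = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\geo\name",
}
# Public IP echo services; which one the sample used is not stated in the report.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}
# Telegram front-ends; tttttt.me is the host in this sample's url4cnc.
TELEGRAM_HOSTS = {"t.me", "tttttt.me", "telegram.me"}


def telegram_channel(url):
    """Return the channel name from a url4cnc value, or None if not a Telegram URL."""
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() not in TELEGRAM_HOSTS:
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if parts and parts[0] == "s":  # t.me/s/<channel> web-preview form
        parts = parts[1:]
    return parts[0] if parts else None


def eval_events(events):
    """Return (signature, detail) pairs, one per matching event, in event order."""
    hits = []
    dropped = set()  # lowercase paths the sample wrote during the run
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create":
            # PPID spoofing: the caller of NtCreateUserProcess is not the parent
            # recorded for the new process (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS).
            if ev["caller_pid"] != ev["parent_pid"]:
                hits.append(("NtCreateUserProcessOtherParentProcess", ev["image"]))
            if ev["image"].lower() in dropped:
                hits.append(("Executes dropped EXE", ev["image"]))
        elif kind == "image_load":
            path = ev["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits.append(("Loads dropped DLL", ev["path"]))
        elif kind == "registry_read":
            if ev["key"].lower() in GEO_KEYS:
                hits.append(("Checks computer location settings", ev["key"]))
        elif kind == "set_thread_context":
            # Rewriting a thread context in another process is the hollowing /
            # injection step; same-process use (e.g. exception handling) is ignored.
            if ev["target_pid"] != ev["pid"]:
                hits.append(("Suspicious use of SetThreadContext", ev["target_pid"]))
        elif kind == "http_request":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits.append(("Looks up external IP address via web service", host))
            if host in TELEGRAM_HOSTS:
                hits.append(("Legitimate hosting services abused for malware hosting/C2",
                             telegram_channel(ev["url"])))
    return hits


def signature_names(events):
    """Set of distinct signature names, the form a report summary shows."""
    return {name for name, _ in eval_events(events)}


TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS = [  # constructed run, loosely modelled on the report above
    {"type": "file_write", "pid": 1000, "path": TMP + r"\payload.exe"},
    {"type": "file_write", "pid": 1000, "path": TMP + r"\sqlite3.dll"},
    {"type": "process_create", "pid": 1200, "caller_pid": 1000, "parent_pid": 620,
     "image": TMP + r"\payload.exe"},
    {"type": "image_load", "pid": 1200, "path": TMP + r"\sqlite3.dll"},
    {"type": "registry_read", "pid": 1200, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "set_thread_context", "pid": 1200, "target_pid": 1300},
    {"type": "http_request", "pid": 1200, "host": "tttttt.me", "url": "https://tttttt.me/antitantief3"},
    {"type": "http_request", "pid": 1200, "host": "api.ipify.org", "url": "https://api.ipify.org/"},
    # benign control: normal parent, system binary, nothing dropped
    {"type": "process_create", "pid": 1400, "caller_pid": 1200, "parent_pid": 1200,
     "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for name, detail in eval_events(SAMPLE_EVENTS):
        print(f"{name}: {detail}")
```

The PPID rule is the one worth carrying into real telemetry: Security event 4688 only records the spoofed parent, so the comparison needs a source that also exposes the calling process, such as the kernel process-start ETW provider or a driver callback, where the event's own process ID is the true creator. The `Nirsoft` and `Raccoon Stealer Payload` entries are static (content) matches and are deliberately not modelled here.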