General
- Target: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
- Size: 3MB
- Sample: 220705-tjcljsagan
- MD5: bde658028be8d6983c7212e1f550be81
- SHA1: 0be7bb34651d1226cd2030ef495316536540668e
- SHA256: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
- SHA512: 836af2244eda3ee6922c091604a24c89f42499a7cb1cf9194a0ab73b01232132abc4a616a326fdab2548cb614a65ea539d49f43d083dee54848f54181150b855
Static task
- static1
Behavioral task
- behavioral1: Sample 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe, Resource win7-20220414-en
- behavioral2: Sample 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe, Resource win10v2004-20220414-en
Malware Config
Extracted
- Family: raccoon
- c4376f037b1703b305ca5fb81f6ffc21
- http://45.8.144.53/
- http://77.91.73.154/
Targets
- Target: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5 (Size 3MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ModiLoader Second Stage
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the ThreadHideFromDebugger thread information class stops debug events from the calling thread reaching an attached debugger)