Overview

overview

10

Static

static

7

Setup.exe

windows10_x64

10

Resubmissions

08-07-2022 06:59

220708-hsbvtsgcf2 10

08-07-2022 06:44

220708-hhtmwsdffl 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Open_with_Pass_1234.rar

  • Size

    6.0MB

  • Sample

    220708-hsbvtsgcf2

  • MD5

    43c600be3be59b952884896bcb436137

  • SHA1

    46aedea28061f1f70006631ec1623bf1c4a1e0f2

  • SHA256

    ac213f59b8e531996dd838fa8b00ee83d06f6f9651282b5a21ed534fe956706e

  • SHA512

    05f1015252d14cf0881467b2d63fc7302ea0c97d7606b6f6267acd8d10775bf5b0c1474c053bb8cada4495cb4005c9abbba95304c7c8aeb894d042cf38000a1a

Score
10/10
raccoondiscoveryevasionspywarestealersuricatathemidatrojan

Malware Config

Targets

    • Target

      Setup.exe

    • Size

      392.0MB

    • MD5

      86a7afbd5dd056e989c5f2d54a83dec0

    • SHA1

      81f4b5f2c3d53559d2788c3235006d693b40a090

    • SHA256

      f7227fd311224935d11cbfd8c08a9c81c77c368286e39e9344778db1ecae50d4

    • SHA512

      c75076a8e385d03bc6c1042f2972bbe96c063e61a5b8f33a87657890c07000ee8f81f20ed92bcd74293c02a3a1af09ce55d2852bc4f7fd0d61cc47c2fc3ac8e8

    Score
    10/10
    raccoondiscoveryevasionspywarestealersuricatathemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • suricata: ET MALWARE Generic .bin download from Dotted Quad

      suricata: ET MALWARE Generic .bin download from Dotted Quad

      suricata

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks