General
-
Target
Setup.exe
-
Size
415.8MB
-
Sample
220721-pz49aagack
-
MD5
537f5c15082b2687746ef07deb733c71
-
SHA1
368f382c60f1d4299da5c5f492ee1259af721885
-
SHA256
22d607e2633b473c978d232b6603ca268b5f37cfcdd6f45fb91842bec3c8bc83
-
SHA512
d698f1ad3abdbc61477cac126871823040b4e7374985019f64517ec2ac2c28ec6ddbe59164e087215cc345f9f9e51e9f645d4fe3ff3ba7d849ecfe5a96c371b9
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
415.8MB
-
MD5
537f5c15082b2687746ef07deb733c71
-
SHA1
368f382c60f1d4299da5c5f492ee1259af721885
-
SHA256
22d607e2633b473c978d232b6603ca268b5f37cfcdd6f45fb91842bec3c8bc83
-
SHA512
d698f1ad3abdbc61477cac126871823040b4e7374985019f64517ec2ac2c28ec6ddbe59164e087215cc345f9f9e51e9f645d4fe3ff3ba7d849ecfe5a96c371b9
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-