General
  Target: setup.exe
  Size: 1.8MB
  Sample: 220730-pjmpasahc6
  MD5: 1094e15cf94af4d7496ba97e503001b3
  SHA1: 4b0740ac778939ceb43a676831f825291ca70d4e
  SHA256: 3104d062801e5059e77f82102bacfef55646f0c0c24f3d7b03b98e012e2a5514
  SHA512: aef9e67e6b5abb51f8cbd501808fdf39eafb44b16daac1b737cf63813bf47f09d12a2826e99f756a7b5235c6b4afdd5e128af4ae1c23998fea03427d2d55f2d8
Static task
  static1

Behavioral task
  behavioral1
  Sample: setup.exe
  Resource: win7-20220718-en

Behavioral task
  behavioral2
  Sample: setup.exe
  Resource: win10v2004-20220721-en
Malware Config
  Extracted: http://hyperhyper8.com/welcome
  Extracted: raccoon
    c4376f037b1703b305ca5fb81f6ffc21
    http://77.75.230.46/
    http://5.252.23.142/
Targets
  Target: setup.exe
  Size: 1.8MB
  MD5: 1094e15cf94af4d7496ba97e503001b3
  SHA1: 4b0740ac778939ceb43a676831f825291ca70d4e
  SHA256: 3104d062801e5059e77f82102bacfef55646f0c0c24f3d7b03b98e012e2a5514
  SHA512: aef9e67e6b5abb51f8cbd501808fdf39eafb44b16daac1b737cf63813bf47f09d12a2826e99f756a7b5235c6b4afdd5e128af4ae1c23998fea03427d2d55f2d8
  Score: 10/10

  - Raccoon Stealer payload
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Loads dropped DLL
  - Unexpected DNS network traffic destination
    Network traffic to servers other than the configured DNS servers was detected on the DNS port.
  - Suspicious use of SetThreadContext