General

Target: Setup.exe
Size: 2.9MB
Sample: 220731-f2s5csaea4
MD5: 69b17d0f9389404a1228d310198b33e9
SHA1: d70d61353e3ce850e6891623336ebdab931d5530
SHA256: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
SHA512: 6e4523f25ac22c39e3f942646ab85677cb65b367dc28e30d2e2cf69fe23692f160708afcfd9b31f3f85cae7f87eccd7c96a7fedcd30c23b0e768fd40b6012af8
Behavioral tasks

behavioral1
Sample: Setup.exe
Resource: win7-20220718-en

behavioral2
Sample: Setup.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted family: raccoon
Config value: c4376f037b1703b305ca5fb81f6ffc21
C2 URLs:
- http://77.91.102.57/
- http://5.252.23.18/
Targets

Setup.exe (2.9MB; same MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that abuses cloud services to download other malicious families.
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger, a common anti-debugging technique.