General
- Target: Adobe Photoshop.zip
- Size: 80.0MB
- Sample: 220731-yk13rafaal
- MD5: 3b923500309cc068c36e53658d44a5b7
- SHA1: a6c484b2580f336891a7f17143d344db1e70121c
- SHA256: 5989b781d8ad5f8de91ba8c422775beca32e65f2c26f8b984bc32000fe0e1f14
- SHA512: 8acd10d7c4c333781bb62979c1d048d1e2463792661d9f09f4d7d5e9a2b971de34b5f9bc6adcd9f72067842962d69223040b37a7429ef060e1ba42f129644a12

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Adobe Photoshop/launch.exe
  - Resource: win7-20220718-en
- Behavioral task: behavioral2
  - Sample: Adobe Photoshop/launch.exe
  - Resource: win10v2004-20220721-en

Malware Config
- Extracted: raccoon
  - 8f4e4706e9b4e3a904862901d32e2123
  - http://78.159.97.21/

Targets
- Target: Adobe Photoshop/launch.exe
- Size: 726.9MB
- MD5: 82b2e51d00cd2772192c2b95d3f2397a
- SHA1: 9a2016129ff3705578b1515081afe70fdc773b05
- SHA256: 3315a41edc891859ff09a80ad17011408aef7456fd3f75619dccb180c69e54ba
- SHA512: 6575a1b4d43737e5d3e837d993387e0a64afca9a022d2c1db11a024f5b74405273a11e5ef408520827f983dd930516c9c2ae7cbbd84057321cd3a6cbd02a5872

Signatures
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger