General
-
Target
620FF1255537948FB40D6F93F6C36576.fil
-
Size
1.8MB
-
Sample
220801-1lzbnaaehj
-
MD5
620ff1255537948fb40d6f93f6c36576
-
SHA1
23a248ded4a691e42ad988dc07c13ec06954d514
-
SHA256
1bae722ee868e28f1add003882ea885a2b6899b4dead1fc885608af2535a9a2d
-
SHA512
83914b53f5ab05f411611230dcfe525fb273ce24c82db333a3682b1cb4b74cbebf104f754e75e432b5fa7476b35d141f03b029166682dd34a451aaa01b954159
Static task
static1
Behavioral task
behavioral1
Sample
620FF1255537948FB40D6F93F6C36576.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
620FF1255537948FB40D6F93F6C36576.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
http://hyperhyper8.com/welcome
Extracted
raccoon
c4376f037b1703b305ca5fb81f6ffc21
http://74.119.192.73/
http://77.75.230.84/
Targets
-
-
Target
620FF1255537948FB40D6F93F6C36576.fil
-
Size
1.8MB
-
MD5
620ff1255537948fb40d6f93f6c36576
-
SHA1
23a248ded4a691e42ad988dc07c13ec06954d514
-
SHA256
1bae722ee868e28f1add003882ea885a2b6899b4dead1fc885608af2535a9a2d
-
SHA512
83914b53f5ab05f411611230dcfe525fb273ce24c82db333a3682b1cb4b74cbebf104f754e75e432b5fa7476b35d141f03b029166682dd34a451aaa01b954159
-
Raccoon Stealer payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-