General
Target: 82a730933d3fe64cc9c17cd1144e99ce
Size: 11.7MB
Sample: 220802-1ay7hsdagl
MD5: 82a730933d3fe64cc9c17cd1144e99ce
SHA1: bb87afc579bbeb0cf820b99b5ce3af84dd8f646a
SHA256: 4cce0df1d375da9741814d70f117deee67d1beab317fb746d3ebefdcb8dff90c
SHA512: c8107b24896a95b03496e03fc631aa12d9ca02b911a5bad6439cf5bc61372b3120b6dab3c5d81607f2ac165408ae9f208a0b0ece8beb0dfc218897d201ec1005
Static task: static1
Behavioral task: behavioral1
Sample: 82a730933d3fe64cc9c17cd1144e99ce.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 82a730933d3fe64cc9c17cd1144e99ce.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
Family: raccoon
517bb0d640c1242c3f069aab3d1018d6
C2: http://51.195.166.178/
Targets
Target: 82a730933d3fe64cc9c17cd1144e99ce
Size: 11.7MB
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger, information class 0x11): hides the calling thread from an attached debugger, an anti-analysis technique.
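The four registry, file and thread behaviours listed above are the kind of signal a sandbox derives from hooked API calls rather than from Windows event logs (Sysmon records registry value writes and key creation, not reads, so a geofence lookup or an Uninstall-key enumeration never appears there). The following Python is an added example, not the sandbox's own signature engine and not code recovered from this sample: it replays a constructed API-call trace in an invented "api|arg1|arg2" line format and reports which of the page's signatures would fire and on which trace lines. The registry paths it keys on (HKCU\Control Panel\International\Geo\Nation for the configured GeoID, HKLM\...\CurrentVersion\Uninstall for installed software), the short wallet-path list, and the trace contents are assumptions chosen for the example.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed API trace in an invented "api|arg1|arg2" format. Neither the
# format nor the lines are recorded sandbox output; they are made up so the
# example runs offline. arg1 is the registry/file path or handle, arg2 the
# second parameter of interest.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKEY_CURRENT_USER\Control Panel\International\Geo|KEY_READ
RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International\Geo\Nation|REG_SZ
RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|KEY_READ
RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|0
RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|1
NtSetInformationThread|0xfffffffe|0x11
CreateFileW|C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet|GENERIC_READ
CreateFileW|C:\Users\user\AppData\Local\Temp\readme.txt|GENERIC_READ
""".strip()

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Where Windows keeps the user's configured country (GeoID); assumed to be
# the key behind the "Checks computer location settings" signature.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\Nation)?$", re.I)
# Per-machine installed-software list.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Illustrative wallet locations only (assumption: real stealers carry far
# longer lists).
WALLET_PATHS = re.compile(
    r"\\(Electrum\\wallets\\|Exodus\\|Ethereum\\keystore\\|Bitcoin\\wallet\.dat$)",
    re.I)

Event = Tuple[int, str, List[str]]


def parse_trace(text: str) -> List[Event]:
    """Split the trace into (line number, api, args) tuples, skipping blanks."""
    events: List[Event] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        api, *args = line.split("|")
        events.append((lineno, api, args))
    return events


def geo_lookup(api: str, args: List[str]) -> bool:
    """Registry access to the configured country code (geofence check)."""
    return api.startswith("Reg") and bool(args) and GEO_KEY.search(args[0]) is not None


def uninstall_enum(api: str, args: List[str]) -> bool:
    """Opening or enumerating the Uninstall key (installed-software survey)."""
    return api.startswith("Reg") and bool(args) and UNINSTALL_KEY.search(args[0]) is not None


def hide_from_debugger(api: str, args: List[str]) -> bool:
    """NtSetInformationThread with ThreadHideFromDebugger as the info class."""
    if api != "NtSetInformationThread" or len(args) < 2:
        return False
    try:
        return int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER
    except ValueError:
        return False


def wallet_access(api: str, args: List[str]) -> bool:
    """File open under a known cryptocurrency wallet directory."""
    return api == "CreateFileW" and bool(args) and WALLET_PATHS.search(args[0]) is not None


SIGNATURES: Dict[str, Callable[[str, List[str]], bool]] = {
    "Checks computer location settings": geo_lookup,
    "Checks installed software on the system": uninstall_enum,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": hide_from_debugger,
    "Accesses cryptocurrency files/wallets": wallet_access,
}


def run_signatures(trace_text: str) -> Dict[str, List[int]]:
    """Return {signature name: [matching trace line numbers]} for signatures that fired."""
    hits: Dict[str, List[int]] = {name: [] for name in SIGNATURES}
    for lineno, api, args in parse_trace(trace_text):
        for name, predicate in SIGNATURES.items():
            if predicate(api, args):
                hits[name].append(lineno)
    return {name: lines for name, lines in hits.items() if lines}


if __name__ == "__main__":
    for name, lines in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: trace lines {lines}")
```

On the constructed trace every signature fires once or more; the unrelated CreateFileW on a Temp file matches nothing, which is the point of matching on specific key and directory paths rather than on the API name alone. Against a real trace the wallet list and the argument positions would have to be adapted to the tracer's actual output format.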