General
Target: 9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
Size: 340KB
Sample: 220802-l44lrsdfe2
MD5: e83348ed800e307732d6a674ffec8a90
SHA1: 9de9d2ea7512f3c76687b2d7c6ec695af477b538
SHA256: 9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
SHA512: 18bb3f93e5586001f43d673df5c13df061e7fc68b6593c10e1db70c95c18072db4951ef68b2c461c3a60791ce77024117ee461c1a7e15a1a1c57446d4d4371e4
Static task: static1
Behavioral task: behavioral1
Sample: 9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
raccoon
125a9422607402ad773f580d72e3170b
http://91.242.229.142/
Targets
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger