General

Target:  30b1210d7a8774d27e3494fdd663801b80bc1100af9cf2d884fa9a7578bd40f8
Size:    339KB
Sample:  220802-nwbxwsedf5
MD5:     8f02d0e04044a51ac31aa3b5b6c71e25
SHA1:    52ddf5b8727e4d15cf440ebc899454cb46ef379f
SHA256:  30b1210d7a8774d27e3494fdd663801b80bc1100af9cf2d884fa9a7578bd40f8
SHA512:  fd90c0d1e6a04e8cca57862ef9c26c6471d6e334c416c7b0cd5cff269d5e34d692f68c92745550482be829c838982f20a3acc34693e06010e0369567c301b82c
Static task: static1
Malware Config

Extracted: raccoon
  125a9422607402ad773f580d72e3170b
  http://91.242.229.142/

Extracted: socelars
  https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets

Target:  30b1210d7a8774d27e3494fdd663801b80bc1100af9cf2d884fa9a7578bd40f8
Size:    339KB
MD5:     8f02d0e04044a51ac31aa3b5b6c71e25
SHA1:    52ddf5b8727e4d15cf440ebc899454cb46ef379f
SHA256:  30b1210d7a8774d27e3494fdd663801b80bc1100af9cf2d884fa9a7578bd40f8
SHA512:  fd90c0d1e6a04e8cca57862ef9c26c6471d6e334c416c7b0cd5cff269d5e34d692f68c92745550482be829c838982f20a3acc34693e06010e0369567c301b82c
Signatures

- Raccoon Stealer payload
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
  The Socelars URL in the Malware Config above points at an Amazon S3 bucket, so the download cannot be blocked on the parent domain alone.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving debug events from that thread; a common anti-analysis technique.
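As an added example that is not part of the sandbox report: a Python script that turns the extracted Raccoon C2, the Socelars S3 staging URL and the "looks up external IP address" behaviour into hunting checks over proxy log lines, and compares a file's hashes with the ones in the report. The indicators and hashes are the report's; the proxy log format, the constructed sample log lines and the list of external-IP lookup services are assumptions.

```python
"""Hunting checks built from the indicators in this sandbox report.

Added example, not part of the report. The indicators and hashes are copied
from the report; the proxy log format, the sample log lines and the list of
external-IP lookup services are assumptions.
"""
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators from the report's Malware Config section.
RACCOON_C2 = "http://91.242.229.142/"
SOCELARS_URL = "https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/"

# File hashes from the report's General section.
REPORT_HASHES = {
    "md5": "8f02d0e04044a51ac31aa3b5b6c71e25",
    "sha1": "52ddf5b8727e4d15cf440ebc899454cb46ef379f",
    "sha256": "30b1210d7a8774d27e3494fdd663801b80bc1100af9cf2d884fa9a7578bd40f8",
}

# Assumed list of commonly abused IP lookup services (the report does not
# name the one this sample used).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com",
}

RACCOON_HOST = urlsplit(RACCOON_C2).hostname
SOCELARS_HOST = urlsplit(SOCELARS_URL).hostname
SOCELARS_PREFIX = urlsplit(SOCELARS_URL).path   # "/dkfjrg725/"

# Assumed proxy log line: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")


def defang(url: str) -> str:
    """Render a URL safe to paste into a ticket (scheme and dots broken up)."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"


def classify(url: str) -> Optional[str]:
    """Map a URL to one of the report's indicators, or None."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    if host == RACCOON_HOST:
        # C2 paths vary between check-ins, so match on the host only.
        return "raccoon_c2"
    if host == SOCELARS_HOST:
        # amazonaws.com itself is legitimate: key on the bucket host, and on
        # the object prefix from the extracted config for the strong match.
        return "socelars_payload" if p.path.startswith(SOCELARS_PREFIX) else "socelars_bucket"
    if host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def hunt(log_text: str) -> list:
    """Return one hit per log line whose URL matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue            # skip lines not in the assumed format
        label = classify(m["url"])
        if label:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "label": label, "ioc": defang(m["url"])})
    return hits


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, for comparison with the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report matches the given bytes."""
    return hashes_of(data) == REPORT_HASHES


# Constructed proxy log lines for demonstration (not from the report).
SAMPLE_LOG = """\
2022-08-02T12:00:01Z 10.0.0.5 GET http://91.242.229.142/ 200
2022-08-02T12:00:02Z 10.0.0.5 GET https://api.ipify.org/ 200
2022-08-02T12:00:03Z 10.0.0.5 GET https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/setup.exe 200
2022-08-02T12:00:04Z 10.0.0.7 GET https://other.s3.eu-west-1.amazonaws.com/assets/logo.png 200
2022-08-02T12:00:05Z 10.0.0.7 GET https://example.com/ 200
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['label']:20} {hit['ioc']}")
```

The Raccoon indicator is matched on the host only, since the C2 path changes between check-ins, while the Socelars indicator is matched on the bucket hostname plus the object prefix from the extracted config, because amazonaws.com cannot be blocked wholesale. The IP-lookup check on its own is a weak signal (plenty of legitimate software does it) and is only worth alerting on when it co-occurs with one of the other hits from the same client.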