General
- Target: 88a1e6e3bd358504c267588fd3f73466f93c5e5c16f3d3febbb6885545ff3a9c
- Size: 338KB
- Sample: 220802-qmjbqafca3
- MD5: fbd35d25adc8d0b6c596873080fca897
- SHA1: ff7181b2404ae6160588cae61ccf55b30a31df88
- SHA256: 88a1e6e3bd358504c267588fd3f73466f93c5e5c16f3d3febbb6885545ff3a9c
- SHA512: 1fca6790d2d8bc6e3b7fe93c40db37b3e460ad4a21e43853d81fa01f2ceeebbcf0030f4f375e6b2ee17fbf4a7d61f5068b36f3d223ca702bc37b75a96b039bb8
Static task
- static1

Malware Config
- Extracted: raccoon
  125a9422607402ad773f580d72e3170b
  http://91.242.229.142/
- Extracted: socelars
  https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Target: 88a1e6e3bd358504c267588fd3f73466f93c5e5c16f3d3febbb6885545ff3a9c
- Size: 338KB
- MD5: fbd35d25adc8d0b6c596873080fca897
- SHA1: ff7181b2404ae6160588cae61ccf55b30a31df88
- SHA256: 88a1e6e3bd358504c267588fd3f73466f93c5e5c16f3d3febbb6885545ff3a9c
- SHA512: 1fca6790d2d8bc6e3b7fe93c40db37b3e460ad4a21e43853d81fa01f2ceeebbcf0030f4f375e6b2ee17fbf4a7d61f5068b36f3d223ca702bc37b75a96b039bb8
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Raccoon Stealer payload
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext