General
-
Target
896A458CB385900B5F9397D053840F8E.fil
-
Size
1.8MB
-
Sample
220802-zpjjyaceam
-
MD5
896a458cb385900b5f9397d053840f8e
-
SHA1
9f6133903475848da6fe6d2696e0ec88d8707faa
-
SHA256
6ba8a17c779c8c5ddbe8c51d1a79bf7fde1fad96b8a9c743447300f1ca177c6d
-
SHA512
5936080d5741db3587e3553cead91b49b5faf8479ae217067fe4b2cfa9649405f7612d36237f72c6ba2ef7998882ec3427b2680b63410596e918ef390a2a77c9
Static task
static1
Behavioral task
behavioral1
Sample
896A458CB385900B5F9397D053840F8E.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
896A458CB385900B5F9397D053840F8E.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
http://hyperhyper8.com/welcome
Extracted
raccoon
c4376f037b1703b305ca5fb81f6ffc21
http://74.119.192.73/
http://77.75.230.84/
Targets
-
-
Target
896A458CB385900B5F9397D053840F8E.fil
-
Size
1.8MB
-
MD5
896a458cb385900b5f9397d053840f8e
-
SHA1
9f6133903475848da6fe6d2696e0ec88d8707faa
-
SHA256
6ba8a17c779c8c5ddbe8c51d1a79bf7fde1fad96b8a9c743447300f1ca177c6d
-
SHA512
5936080d5741db3587e3553cead91b49b5faf8479ae217067fe4b2cfa9649405f7612d36237f72c6ba2ef7998882ec3427b2680b63410596e918ef390a2a77c9
-
Raccoon Stealer payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-