General
- Target: 0x0006000000008527-58.dat
- Size: 727.3MB
- Sample: 220805-pa6e2sabfn
- MD5: 881cbc2da4c6467aec519f4909371af8
- SHA1: ec9c0f602456802254ac2659cd0b42ef97d32b62
- SHA256: dce4e4783ab5819869baae8b98812aabe7654ba2ff9d1e033548a52af93e89a5
- SHA512: e1d3221d3663e09b8258a4b3ad77a201e18a7cc880b359edf1dd9a2123ed48c6b4888f27f7f9bad9b2da6328f5211fe709e94195e76288c9255997612415b098
Behavioral task: behavioral1
- Sample: 0x0006000000008527-58.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 0x0006000000008527-58.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: raccoon
- 517bb0d640c1242c3f069aab3d1018d6
- http://51.195.166.178/
Targets
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger