General
Target: 35ffc986d369b7ebda2e69d37cfac6b8.exe
Size: 2.6MB
Sample: 220805-wcavgsffb8
MD5: 35ffc986d369b7ebda2e69d37cfac6b8
SHA1: fe80513205e9176a156f2e00ea9762baa6131a0f
SHA256: 5b037a43064259317c81f5f4192fc8b54cd218d3d9772201ec52b0680453ceb4
SHA512: fed41f9b20cf370f93507663bf583f762d61fda3df1908aed4238992fe1f15822f8a783c802e9789f8b10aaa4d128831365c6866d1abea46044093a927622640
Behavioral task: behavioral1
Sample: 35ffc986d369b7ebda2e69d37cfac6b8.exe
Resource: win7-20220715-en
Malware Config
Extracted family: raccoon
95a5f22777e49d40d70bf77aadccdc5c
http://193.43.147.6/
Targets
Target: 35ffc986d369b7ebda2e69d37cfac6b8.exe
Size: 2.6MB
MD5: 35ffc986d369b7ebda2e69d37cfac6b8
SHA1: fe80513205e9176a156f2e00ea9762baa6131a0f
SHA256: 5b037a43064259317c81f5f4192fc8b54cd218d3d9772201ec52b0680453ceb4
SHA512: fed41f9b20cf370f93507663bf583f762d61fda3df1908aed4238992fe1f15822f8a783c802e9789f8b10aaa4d128831365c6866d1abea46044093a927622640
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read from the registry to detect sandbox or virtual-machine environments before the payload runs.
- Suspicious use of SetThreadContext
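The three behavioural signatures above (VirtualBox ACPI keys, BIOS registry reads, and SetThreadContext used in the create-suspended / write / set-context / resume pattern) re-implemented as detection logic over a constructed API trace. This is an added example, not the sandbox's own rules or code from the sample; the trace format, the pids, the concrete registry paths and the function names (`parse_trace`, `run_signatures`, `suspicious_setthreadcontext`) are assumptions.

```python
import re
from dataclasses import dataclass

# Registry locations read by the two anti-VM checks. The report names only the
# signature categories; these concrete paths are an assumption taken from
# public anti-VM write-ups, not something recovered from the sample.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Stages of the SetThreadContext injection (process hollowing) pattern:
# create child suspended -> write into it -> replace thread context -> resume.
STAGES = {"WriteProcessMemory": 2, "SetThreadContext": 3, "ResumeThread": 4}

# Constructed trace in a made-up "pid api k=v ..." format, mimicking what a
# sandbox would log for this sample. Not real output from the report.
SAMPLE_TRACE = [
    r"1234 RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"1234 RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"1234 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion",
    r"1234 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion",
    r"1234 CreateProcessW image=C:\Windows\System32\svchost.exe flags=0x4 child=5678",
    r"1234 WriteProcessMemory target=5678",
    r"1234 SetThreadContext target=5678",
    r"1234 ResumeThread target=5678",
]

# Constructed benign trace: ordinary registry reads and a normal child launch.
BENIGN_TRACE = [
    r"4321 RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"4321 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion value=ProgramFilesDir",
    r"4321 CreateProcessW image=C:\Windows\System32\notepad.exe flags=0x0 child=8765",
    r"4321 ResumeThread target=8765",
]


@dataclass
class Event:
    pid: int
    api: str
    args: dict


def parse_trace(lines):
    """Parse 'pid api k=v k=v ...' lines into Event records."""
    events = []
    for line in lines:
        pid, api, *rest = line.split()
        events.append(Event(int(pid), api, dict(tok.split("=", 1) for tok in rest)))
    return events


def identifies_virtualbox_acpi(events):
    """Any registry API touching a VBOX__ ACPI table key."""
    return any(e.api.startswith("Reg") and VBOX_ACPI_RE.search(e.args.get("key", ""))
               for e in events)


def checks_bios_information(events):
    """A value query for one of the BIOS strings under HARDWARE\\DESCRIPTION\\System."""
    return any(e.api == "RegQueryValueExW"
               and e.args.get("key", "").upper() == BIOS_KEY.upper()
               and e.args.get("value", "").lower() in BIOS_VALUES
               for e in events)


def suspicious_setthreadcontext(events):
    """Return child pids that went through all four hollowing stages, in order."""
    stage = {}  # child pid -> highest stage reached; only advances in sequence
    for e in events:
        if e.api == "CreateProcessW" and int(e.args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stage[int(e.args["child"])] = 1
        elif e.api in STAGES:
            child = int(e.args.get("target", "-1"))
            if stage.get(child) == STAGES[e.api] - 1:
                stage[child] = STAGES[e.api]
    return {pid for pid, s in stage.items() if s == 4}


def run_signatures(lines):
    """Map each signature name from the report to whether the trace triggers it."""
    events = parse_trace(lines)
    return {
        "Identifies VirtualBox via ACPI registry values": identifies_virtualbox_acpi(events),
        "Checks BIOS information in registry": checks_bios_information(events),
        "Suspicious use of SetThreadContext": bool(suspicious_setthreadcontext(events)),
    }


if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_TRACE).items():
        print(f"{'HIT ' if hit else 'miss'} {name}")
```

The hollowing detector deliberately requires the four calls in order against the same child pid; a SetThreadContext seen before the WriteProcessMemory, or against a process that was not created suspended, does not advance the stage counter, which keeps legitimate debuggers and launchers from triggering it.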