General
Target: 2fdb83691dfa4721f534b8b9e826033c.exe
Size: 5.4MB
Sample: 220806-3hpddscbdk
MD5: 2fdb83691dfa4721f534b8b9e826033c
SHA1: 381fd9c7ed88b97511382cc87b769f02bae4c0aa
SHA256: b20218ce17c3ddf455af2367397eda4e28d400484687c9d6b720e6e388a5b6d7
SHA512: 8d15538d3b6e54592840117d23a694f7c16f2cb7395e3d54f800b135142394ee15aee961e17d834be02fa2019c0e46161bc5dee83ed8ece4557f0b7de0352449
Static task: static1
Behavioral task: behavioral1
Sample: 2fdb83691dfa4721f534b8b9e826033c.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 2fdb83691dfa4721f534b8b9e826033c.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
raccoon
3d7feaf596b73f06759c9dbaa8490e71
http://146.19.247.151/
Targets
Target: 2fdb83691dfa4721f534b8b9e826033c.exe
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger