General
Target: 388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
Size: 6.2MB
Sample: 220828-txmnnschb7
MD5: 1be314e1768d62086affbff540544abe
SHA1: 936c3caa6dd2c5cab3629c63737106138522dc3e
SHA256: 388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
SHA512: d1b659491c2f88f4c51e55c1b15701120cd00056d2088880af1138e35dd3b1955dd0e916a126d8a02616df8ee67b45ed9d64b522e56c1008fe8013e1400f8cc9
SSDEEP: 98304:sruyIWhpz7PJU3hjsiBSIkMrzVXXU68V3etowGt4wXAsrUniSBOvGcFJKVY:IuyIW9UxjpDdEN3/DtLwdnLBOvGp+
Static task: static1
Malware Config
Extracted
Family: raccoon
Botnet: 3eb898957657df9f0625e29daa9c1704
C2: http://89.185.85.53/
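Before detonating or sharing a local copy of this sample, an analyst wants to confirm it is the file the report describes and to turn the extracted config into blockable indicators. The following is an added example (not part of the report or of any sandbox tooling) that checks a file against all four listed digests, validates the ssdeep signature's structure, and derives host/port IOCs from the C2 URL. The report values are copied from the page; the `botnet` label for the 32-hex identifier and the file path used in the usage note are assumptions.

```python
"""Added example: cross-check a local sample against the report's identifiers
and derive IOCs from the extracted Raccoon config. Report values are copied
from the page; the config dict layout is an assumption."""
import hashlib
import re
from urllib.parse import urlsplit

# Identifiers exactly as listed in the report (hex digests are lowercase).
REPORT = {
    "md5": "1be314e1768d62086affbff540544abe",
    "sha1": "936c3caa6dd2c5cab3629c63737106138522dc3e",
    "sha256": "388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa",
    "sha512": "d1b659491c2f88f4c51e55c1b15701120cd00056d2088880af1138e35dd3b1955dd0e916a126d8a02616df8ee67b45ed9d64b522e56c1008fe8013e1400f8cc9",
    "ssdeep": "98304:sruyIWhpz7PJU3hjsiBSIkMrzVXXU68V3etowGt4wXAsrUniSBOvGcFJKVY:IuyIW9UxjpDdEN3/DtLwdnLBOvGp+",
}

# Extracted config as shown on the page; the key names are an assumed layout.
RACCOON_CONFIG = {
    "family": "raccoon",
    "botnet": "3eb898957657df9f0625e29daa9c1704",
    "c2": ["http://89.185.85.53/"],
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests the report lists in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams a file so a 6 MB sample is not read twice."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(digests: dict, report: dict = REPORT) -> list:
    """Return the names of report digests that do NOT match the computed ones.
    An empty list means the local file is the sample the report describes.
    Checking all four catches a report edited by hand or a copy-paste typo in
    one of the hashes, which a single SHA256 comparison would not."""
    return [name for name in DIGESTS if digests[name] != report[name].lower()]


# ssdeep signature layout: blocksize:chunk:double_chunk, base64 alphabet.
SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def parse_ssdeep(sig: str) -> tuple:
    """Split a ssdeep signature into (blocksize, chunk, double_chunk).
    Raises ValueError on a malformed signature so a bad IOC is not silently
    stored; this validates structure only and does not compute similarity."""
    m = SSDEEP_RE.match(sig)
    if not m:
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def c2_iocs(config: dict = RACCOON_CONFIG) -> list:
    """Derive scheme/host/port from each C2 URL for proxy, firewall and DNS blocking."""
    out = []
    for url in config["c2"]:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        out.append({"url": url, "host": parts.hostname, "port": port, "scheme": parts.scheme})
    return out


if __name__ == "__main__":
    # Assumed local path to the sample; replace with the real one.
    mismatches = verify(hash_file("sample.bin"))
    print("OK" if not mismatches else f"MISMATCH on {mismatches}")
    print(parse_ssdeep(REPORT["ssdeep"]))
    print(c2_iocs())
```

`verify` takes the digest dict rather than a path so the same check can run on bytes pulled from a sandbox, a mail attachment or a file on disk.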
Targets
Target: 388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa (the file listed under General)
Signatures
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that detaches the thread from an attached debugger.
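The last three signatures are the ones worth reproducing in a detection rule, because a dropper that only downloads and runs a PE is common in benign installers too. The block below is an added example, not the sandbox's signature engine: it runs three checks over a constructed API trace (distinct Uninstall subkeys opened per process, file opens under known wallet directories, and NtSetInformationThread with ThreadHideFromDebugger). The `pid|api|argument` line layout, the sample lines, the wallet directory list and the threshold of five subkeys are assumptions; the value 0x11 for ThreadHideFromDebugger is the documented THREADINFOCLASS constant.

```python
"""Added example: triage checks for the three flagged behaviours over a
constructed API trace. Line layout 'pid|api|argument' and the sample lines
are assumptions, not the sandbox's real trace format."""
import re
from collections import defaultdict

# THREADINFOCLASS value for ThreadHideFromDebugger (documented constant 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Matches any hive/WOW6432Node variant ending in ...\CurrentVersion\Uninstall\<subkey>.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.IGNORECASE)
# Assumed starting list of wallet data directories; extend per environment.
WALLET_PATH_RE = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Litecoin|Monero|Atomic)\\", re.IGNORECASE)

KEY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "NtOpenKey", "RegQueryValueExW"}
FILE_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile"}

# Constructed trace: pid 1337 behaves like the sample, pid 4242 is a benign process.
TRACE = [
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}",
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VLC media player",
    "1337|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1337|CreateFileW|C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "1337|CreateFileW|C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    "1337|NtSetInformationThread|ThreadInformationClass=0x11",
    "4242|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "4242|CreateFileW|C:\\Users\\victim\\Documents\\report.docx",
    "4242|NtSetInformationThread|ThreadInformationClass=0x9",
]


def parse_line(line: str) -> tuple:
    """Split one trace line into (pid, api, argument)."""
    pid, api, arg = line.split("|", 2)
    return int(pid), api, arg


def _info_class(arg: str):
    """Pull the ThreadInformationClass value (hex or decimal) out of the argument."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
    if not m:
        return None
    value = m.group(1)
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def analyze(lines, uninstall_threshold: int = 5) -> dict:
    """Return {pid: sorted verdict strings} for processes that trip a check.
    Uninstall subkeys are counted as a distinct set per process so a program
    that re-opens its own Uninstall entry a few times is not flagged; only a
    sweep across many entries (an inventory of installed software) is."""
    uninstall_keys = defaultdict(set)
    verdicts = defaultdict(set)
    for line in lines:
        pid, api, arg = parse_line(line)
        if api in KEY_APIS:
            m = UNINSTALL_KEY_RE.search(arg)
            if m:
                uninstall_keys[pid].add(m.group(1).lower())
        elif api in FILE_APIS:
            if WALLET_PATH_RE.search(arg):
                verdicts[pid].add("accesses cryptocurrency wallet files")
        elif api == "NtSetInformationThread":
            if _info_class(arg) == THREAD_HIDE_FROM_DEBUGGER:
                verdicts[pid].add("hides thread from debugger")
    for pid, keys in uninstall_keys.items():
        if len(keys) >= uninstall_threshold:
            verdicts[pid].add("enumerates installed software")
    return {pid: sorted(v) for pid, v in verdicts.items()}


if __name__ == "__main__":
    for pid, hits in analyze(TRACE).items():
        print(pid, hits)
```

Registry reads are not recorded by Sysmon (it logs key creation, deletion and value writes only), so this check needs an API trace from a sandbox, an EDR that hooks registry opens, or ETW registry events; the wallet and anti-debug checks work on any source that records file opens and native API calls with their arguments.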