General

Target: b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed.exe
Size: 2.7MB
Sample: 220907-nxwnpahbgm
MD5: 0e16d556ebee32aa41b5c6acd340b847
SHA1: 575fa046410acacf4a3421a4e27f85eb8bce8a8c
SHA256: b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed
SHA512: f49ecff6cde2949168484bf977cdb142a01eb43ba532c7a4c4194025ce292eaf705c0ec653e44a8f10004818ca2340da85b30e35bec2f354c0c5aff5e2ef4bd2
SSDEEP: 49152:N1FU4g6WyUPsuT1u8JLurz/i/5LMbT3j0DVfB1fBYwYTbk25k5p:NgDkwNFJLuHdoDVTmTj0

Static task
static1

Behavioral task
behavioral1
Sample: b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed.exe
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed.exe
Resource: win10v2004-20220901-en

Malware Config

Extracted: raccoon

Extracted: raccoon
8eb14caca01131f5f4ff62ef8a0fcab4
C2: http://135.181.147.255/
C2: http://5.252.23.100/

Extracted: raccoon
0E6F37CD2C483E430EE4DBE4B89D2227E20F3536CFC31B768E86A384A0EE02523F5C39B9B2E4E24195BAE0A638F4BC7CC97945BBC94708274A7D1DDB98C7A5AB7A423D9AE5BD994B6FB807CCD7723A467CDB2521DD023557E1C3C10B3E1DAF2D76D7260D6ADDA558BD280E1ACFD4940F9FDF6C9B69D64C2F9426DC46941E4257C5EC60F21B3F08A099AFB972F46E203A5D7866AB28526F74C42625100FB5B7EA17529F6E514263A803447F94080FF390DEC7259FBB0C338AE67BFE9B9D91EA0214F10F54EAC59478E31693EB68ABEA824A999FD7B54BCA64CE18A57DA01F995A6A20B415D7746A2B3CA6E0BB98AAE2B9E4565BBB5D1DF8683340468688397770

Targets

Target: b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed.exe (size and hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops debug events for that thread from being delivered to an attached debugger; a common anti-debugging technique.
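The four registry-based signatures above (VirtualBox ACPI tables, BIOS strings, the Geo\Nation country code, and the Uninstall key) all come down to reads of well-known registry paths. The following is an added example, not part of the sandbox's own signature engine, that runs that same matching over exported registry-read events and flags a process only when it touches several of these categories, since a lone Uninstall-key read is normal for an installer. The "pid|image|target_object" event lines, the sample's path on the sandbox and the two-category threshold are constructed assumptions for this example; the registry paths themselves are the real Windows locations.

```python
import re
from collections import defaultdict

# Registry locations behind the report's environment-probing signatures.
# The key paths are the real Windows locations; the mapping to signature
# names is this example's own, not the sandbox's rule set.
PROBE_PATTERNS = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|VideoBiosDate)$", re.I)),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
]

# Constructed input: an assumed path for the sample inside the sandbox and a
# few registry reads in "pid|image|target_object" form, the shape one would
# export from Sysmon registry events. None of these lines come from the run.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\b684c98dabb8b3e8338f906d1832ca09a8d34d7d79bf33262589b05133e550ed.exe"
SAMPLE_EVENTS = rf"""
4120|{SAMPLE_IMAGE}|HKLM\HARDWARE\ACPI\DSDT\VBOX__
4120|{SAMPLE_IMAGE}|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
4120|{SAMPLE_IMAGE}|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
4120|{SAMPLE_IMAGE}|HKCU\Control Panel\International\Geo\Nation
4120|{SAMPLE_IMAGE}|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
3016|C:\Windows\explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
2208|C:\Program Files\Setup\setup.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup
"""


def classify_key(target_object):
    """Return the signature name a registry path maps to, or None if it is not a probe."""
    for name, pattern in PROBE_PATTERNS:
        if pattern.search(target_object):
            return name
    return None


def parse_events(text):
    """Parse 'pid|image|target_object' lines into (pid, image, target) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, image, target = line.split("|", 2)
        events.append((int(pid), image, target))
    return events


def probe_summary(events):
    """Map (pid, image) -> set of signature names triggered by that process's reads."""
    hits = defaultdict(set)
    for pid, image, target in events:
        name = classify_key(target)
        if name:
            hits[(pid, image)].add(name)
    return dict(hits)


def flagged_processes(events, min_distinct=2):
    """Processes that hit at least min_distinct probe categories.

    The threshold is an assumption of this example: breadth across
    categories separates a malware-style environment survey from a
    legitimate installer that only enumerates the Uninstall key.
    """
    return sorted(
        (pid, image, sorted(names))
        for (pid, image), names in probe_summary(events).items()
        if len(names) >= min_distinct
    )


if __name__ == "__main__":
    for pid, image, names in flagged_processes(parse_events(SAMPLE_EVENTS)):
        print(f"[{pid}] {image}")
        for name in names:
            print(f"    {name}")
```

Run against the constructed events, only the sample's process is flagged: it hits all four categories, while the installer that reads a single Uninstall entry stays below the threshold. Lowering min_distinct to 1 surfaces that installer too, which is the trade-off a detection engineer tunes against their own baseline.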