General
-
Target
337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe
-
Size
4.6MB
-
Sample
220907-nyfnvshbgq
-
MD5
0ef5054808b0e5aa7e213946dd368543
-
SHA1
6ae6caad04552882ea2d18908c481b22ee6cfc92
-
SHA256
337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f
-
SHA512
fd98e86918e31cd1018b3c040bf49fd5492923da9e801ed2b3beeb662e2eabef3225bca24d0532afef05979b8439b9b13594f4f3feff45019bef6f0fad42ccf9
-
SSDEEP
98304:lCWPuwmKvFdR5PiIK2WkNX84559RcsXExnRSZjrOog+52MzkEvUp44:oWWwLFdR5Pi32Wkx1hRcsUxnRSZj1g+3
Static task
static1
Behavioral task
behavioral1
Sample
337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
8eb14caca01131f5f4ff62ef8a0fcab4
http://77.75.230.25/
http://146.19.170.157/
Extracted
raccoon
Targets
-
-
Target
337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-