General

Target: cd22af088500bf7c0602a7c4951eacda5c63d8f5e65c0350eb90589e153688c6
Size: 386KB
Sample: 220907-yr12bsabeq
MD5: e1626e2d28a6709a79aefc82caf3953f
SHA1: 9129f39b543ac4c9b500c19da3f2fb462a35a899
SHA256: cd22af088500bf7c0602a7c4951eacda5c63d8f5e65c0350eb90589e153688c6
SHA512: 7b535037c345a034ccac721b82ad4a1ae04785d947731a0493b8d104276b4ee1ca9072a825e35a87849f2bf5ae6cc6fc9536dcac80a7b52571f2198738b66e84
SSDEEP: 12288:rO1UAJgO0d5vgEiNxWprEcCoulkXP9Mbv:i1NEiPsrEDUP9Mb
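The block below is an added example, not part of the sandbox report: it parses the flattened label/value listing above (label line, value line, "-" separator lines) into a dict, checks that the digest fields are internally consistent, and recomputes the digests over a file's bytes so a copy obtained elsewhere can be confirmed against this record before anyone relies on the report's verdict for it. The embedded report text is a constructed excerpt copied from the General section; the function names are the example's own.

```python
"""Added example (not from the sandbox report): parse the flattened label/value
listing into a dict, sanity-check the hash fields, and recompute the digests over
a file's bytes so a locally obtained copy can be confirmed against the report."""
import hashlib

# Constructed excerpt in the page's own flattened format (label line, value line,
# '-' separator lines); values copied from the General section of the report.
REPORT_TEXT = """General
-
Target
cd22af088500bf7c0602a7c4951eacda5c63d8f5e65c0350eb90589e153688c6
-
Size
386KB
-
Sample
220907-yr12bsabeq
-
MD5
e1626e2d28a6709a79aefc82caf3953f
-
SHA1
9129f39b543ac4c9b500c19da3f2fb462a35a899
-
SHA256
cd22af088500bf7c0602a7c4951eacda5c63d8f5e65c0350eb90589e153688c6
-
SHA512
7b535037c345a034ccac721b82ad4a1ae04785d947731a0493b8d104276b4ee1ca9072a825e35a87849f2bf5ae6cc6fc9536dcac80a7b52571f2198738b66e84
-
SSDEEP
12288:rO1UAJgO0d5vgEiNxWprEcCoulkXP9Mbv:i1NEiPsrEDUP9Mb
"""

# Expected hex length of each digest as reported.
HASH_KEYS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCALAR_KEYS = ("Target", "Size", "Sample", "SSDEEP", *HASH_KEYS)


def parse_report(text):
    """Return {label: value} for every known label that is followed by a value line.
    Separator lines ('-') and section headers such as 'General' are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    fields = {}
    i = 0
    while i < len(lines):
        if lines[i] in SCALAR_KEYS and i + 1 < len(lines):
            fields[lines[i]] = lines[i + 1]
            i += 2  # consume label and value; the value is never re-read as a label
        else:
            i += 1
    return fields


def check_consistency(fields):
    """Return a list of problems: each digest must be lowercase hex of the right
    length, and the Target label (this sandbox names targets by SHA256) must
    equal the SHA256 field. An empty list means the record is internally sound."""
    problems = []
    for key, length in HASH_KEYS.items():
        value = fields.get(key, "")
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            problems.append(f"{key}: expected {length} lowercase hex chars")
    if fields.get("Target") != fields.get("SHA256"):
        problems.append("Target label does not match SHA256")
    return problems


def digest_mismatches(data, fields):
    """Recompute MD5/SHA1/SHA256/SHA512 over `data` and return {name: computed}
    for every digest that disagrees with the report; {} means the bytes are the
    reported sample. (SSDEEP is not in the standard library and is not checked.)"""
    computed = {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }
    return {name: value for name, value in computed.items() if fields.get(name) != value}


if __name__ == "__main__":
    rec = parse_report(REPORT_TEXT)
    print("parsed:", rec["Sample"], rec["Size"], rec["SHA256"])
    print("consistency problems:", check_consistency(rec) or "none")
    # Any bytes other than the real sample disagree on every digest.
    print("mismatches for a dummy file:", sorted(digest_mismatches(b"not the sample", rec)))
```

To check a real file, read it in binary mode and pass the bytes to `digest_mismatches` together with the parsed record; an empty result means every reported digest was reproduced, which is the only sense in which "this is the sample from the report" can be asserted.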
Static task: static1

Malware Config

Extracted: raccoon
654b3e7f2d409dcde795b5d2dacf4955
C2: http://46.249.58.152/

The extracted C2 is a bare IP over plain HTTP, so it can be matched directly on network telemetry without relying on DNS.
Targets

Target: cd22af088500bf7c0602a7c4951eacda5c63d8f5e65c0350eb90589e153688c6
Signatures

- Modifies security service
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created with a parent other than the caller (parent PID spoofing), which breaks detections that rely on the process tree.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  Rewriting another thread's context is the usual final step of process hollowing or thread hijacking.