General
-
Target
9bf8518d6de4e9bf945e9f477ff1412cc4705bb94c46f6f4e727c2140ab05ce3.exe
-
Size
4.4MB
-
Sample
220908-fwm16adfd7
-
MD5
25759699050adce5ffe4567f9ed959c5
-
SHA1
01b7b4a578341b471b7d9f80131640132a45ce2c
-
SHA256
9bf8518d6de4e9bf945e9f477ff1412cc4705bb94c46f6f4e727c2140ab05ce3
-
SHA512
f40ca8a2db614580fcf9fc249b5469807ee45e6e95a59ae5a9041c40d7f980a4b38066193d26455ed03363a8d5f24fd3c42e42a02264589d1d26d052a06dc4b2
-
SSDEEP
98304:Oj36Rz9IIqbvHaxex/S9Ct+uGv++1FBhFUM+ZlLco7kbfNFcbumqzQ:Oj36j3kvaAxKsLV+vTFU9ZlIo7kbfNeu
Static task
static1
Behavioral task
behavioral1
Sample
9bf8518d6de4e9bf945e9f477ff1412cc4705bb94c46f6f4e727c2140ab05ce3.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
9bf8518d6de4e9bf945e9f477ff1412cc4705bb94c46f6f4e727c2140ab05ce3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
8eb14caca01131f5f4ff62ef8a0fcab4
http://77.75.230.25/
http://146.19.170.157/
Targets
Target
9bf8518d6de4e9bf945e9f477ff1412cc4705bb94c46f6f4e727c2140ab05ce3.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-