General

Target: 87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
Size: 386KB
Sample: 220908-jxww8sbcam
MD5: 63a79393f793c165c5d3b1b6f2f2f2b6
SHA1: 4e4d6311cc3e82ebc2b73dff18e1da2bf05bc4ca
SHA256: 87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
SHA512: e7e2338a465d5601262415d406e5c241206a1afbec638721b0c191d287ab3c47b86125922c5109c8fcb7cd0841f4383aa1512f8e81329d24203310e13a5f742b
SSDEEP: 12288:uO1rAJgO0d5vgEiCxJxrEc9oulkgjjGe:V12EigHrEQxjjR
Static task: static1

Malware Config

Family: raccoon
Extracted values:
  654b3e7f2d409dcde795b5d2dacf4955
  http://46.249.58.152/ (C2)
Targets

Target: 87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
Size: 386KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: as listed under General above (same file).
Behaviour signatures triggered in the sandbox run (signature names are the sandbox's own):

- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess (process created under a parent other than the caller, i.e. parent PID spoofing)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly seen with process hollowing / injection)
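Added example, not part of the sandbox report: a small Python script that turns the report's indicators into two checks a responder would actually run. It recomputes the four digests over a file's bytes and only accepts the sample if all four agree with the report, and it scans proxy log lines for contact with the extracted C2 host. The proxy log format and the log lines themselves are constructed for the demo and are assumptions; the hashes and the C2 URL are the values from the report above.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators transcribed from the sandbox report above.
REPORT_HASHES = {
    "md5": "63a79393f793c165c5d3b1b6f2f2f2b6",
    "sha1": "4e4d6311cc3e82ebc2b73dff18e1da2bf05bc4ca",
    "sha256": "87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb",
    "sha512": "e7e2338a465d5601262415d406e5c241206a1afbec638721b0c191d287ab3c47b"
              "86125922c5109c8fcb7cd0841f4383aa1512f8e81329d24203310e13a5f742b",
}
C2_URL = "http://46.249.58.152/"
C2_HOST = urlsplit(C2_URL).hostname  # "46.249.58.152"


def hash_sample(data: bytes) -> dict:
    """Compute the same four digests the report lists, over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_sample(data: bytes) -> dict:
    """Per-algorithm match result against the report's hashes.

    All four must agree. A partial match (e.g. MD5 only) would mean a
    collision or a transcription error and must not count as a match.
    """
    computed = hash_sample(data)
    return {name: computed[name] == expected for name, expected in REPORT_HASHES.items()}


def is_verified(data: bytes) -> bool:
    """True only if every digest matches the report."""
    return all(verify_sample(data).values())


# Constructed proxy log lines for the demo (assumed format:
# "<timestamp> <client-ip> <method> <url> <status> <bytes>"; not from the report).
SAMPLE_PROXY_LOG = """\
2022-09-08T09:41:02Z 10.1.4.23 GET http://46.249.58.152/ 200 1024
2022-09-08T09:41:05Z 10.1.4.23 POST http://46.249.58.152/ 200 310
2022-09-08T09:42:17Z 10.1.4.51 GET http://example.invalid/update 304 0
2022-09-08T09:43:00Z 10.1.7.9 GET http://46.249.58.152:8080/x 404 12
"""

PROXY_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def extract_host(url: str) -> str:
    """Host part of a URL, without scheme, port, path or credentials."""
    return urlsplit(url).hostname or ""


def find_c2_contacts(log_text: str) -> list:
    """Return (timestamp, client, method) for every request whose host is the C2.

    Matching is on the host rather than the exact URL, so a different port or
    path on the same server is still flagged; unparseable lines are skipped.
    """
    hits = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line)
        if not m:
            continue
        if extract_host(m["url"]) == C2_HOST:
            hits.append((m["ts"], m["client"], m["method"]))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print("sample matches report:", is_verified(f.read()))
    for ts, client, method in find_c2_contacts(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} {method} -> {C2_HOST}")
```

Run it with the sample's path as the first argument to confirm the file on disk is the one the report describes; without an argument it only scans the embedded demo log. The third demo line (port 8080) is flagged on purpose: host-level matching is the right granularity for a C2 IP, whereas matching the exact URL string would miss it.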