General
- Target: c15231a4fb2bc6c5f0609dc0a5954e01cbc3fbd2fcc74decf88abd156a7f2e8d
- Size: 379KB
- Sample: 220908-m1jymabefl
- MD5: 06f7b1a3af6a67252c707f260a031c57
- SHA1: 3fee890a57a4fd651f9263472fa73115bbfe03d5
- SHA256: c15231a4fb2bc6c5f0609dc0a5954e01cbc3fbd2fcc74decf88abd156a7f2e8d
- SHA512: 6925ef7f3943890650c3250489eda05e16c62f76212a6329790f9e3d013a08e765e739806f78f19429a2fa045ab82cd6078d6d545e7144a554cd46261ea740fe
- SSDEEP: 6144:KbI21ai1wnZ0KtvusH5n4NGSaSVLKlJmqork5jruMJ3Pqe9Pcr6J:6IXi1wZ0KtvusH5n4NGSaSVutruMJ3Nj
Static task
- static1

Malware Config
Extracted
- Family: raccoon
- Config ID: 654b3e7f2d409dcde795b5d2dacf4955
- C2: http://46.249.58.152/
Targets
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext