General
- Target: d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
- Size: 378KB
- Sample: 220908-m3cmbsbefq
- MD5: 85421fe227435ab57544c7e07ce793c0
- SHA1: 880e734211fa5bc6dc3c371322e32bd949448040
- SHA256: d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
- SHA512: 202fb156d314f12d81360128c9b2bbd255e307672d745955839bb4bfc79b0afb0c0c618e32457f811ecbe0f2e51891307e6d33decbcc3b95f7eb7718938e11ab
- SSDEEP: 6144:M7Pl6K1inZ0KtvusH5n4tF7ilzS6JOaoKU5K7u8Jg/xbemCj9j6J:s4K1KZ0KtvusH5n4tF7ileO7u8JgRueJ
Static task: static1

Malware Config
Extracted
- raccoon
- 654b3e7f2d409dcde795b5d2dacf4955
- http://46.249.58.152/
Targets
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext