General
Target: de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
Size: 379KB
Sample: 220908-m5yycabfak
MD5: d781565c8dd4c9ea9a58914246e164d8
SHA1: 175ad7ca21bb080d6f315dcc89388e21bc539336
SHA256: de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
SHA512: 3fc924ff30026e3ccd02f769d90b07b34f6bb61054b363f8f7bac00052190feaf51f1e7624b85633a55224f9aa4651abe6e50cc5d4fc95f41a7d237103f5fbc6
SSDEEP: 6144:N741KC10XZ0KtvusH5nht2C6ilbKV5mKYLk5j7ucJnPdemcXgCR6J:xhC1UZ0KtvusH5nht2C6ile97ucJnsm1
Static task: static1

Malware Config
Extracted:
- raccoon
- 654b3e7f2d409dcde795b5d2dacf4955
- http://46.249.58.152/
Targets
Target: de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext