General
-
Target
whatthefuck.exe
-
Size
866KB
-
Sample
220919-gd43dsefhl
-
MD5
d91b46f4a9cd6fc1a4ac0a82925be6b4
-
SHA1
51d77db712b467a61ea06c539657815a13363de8
-
SHA256
0f0120403bdce99af323f1df869e5259fd9de6f78961d5918843b9025572c4d3
-
SHA512
5963915a7d98513c43b42c06de0a4bad65f040ca8a8f0ce178a5f7e70c790f548707102c09678ac52a67f22539c96b124c03c2e89c1552f3ef632b4359fb0304
-
SSDEEP
6144:iiUbiUaLZT7ssl5wetP8pa7PffwAGsj8b0T0IgCbHacNxtBhnCyev0XLsEjCoYyG:zUOnZTxm9CHfGAlT07CbHbRh/M07sq+
Static task
static1
Malware Config
Extracted
raccoon
7be6431f3fa3eaa6e36b23bbc5559b9a
http://77.73.133.69/
Targets
-
-
Target
whatthefuck.exe
-
Size
866KB
-
MD5
d91b46f4a9cd6fc1a4ac0a82925be6b4
-
SHA1
51d77db712b467a61ea06c539657815a13363de8
-
SHA256
0f0120403bdce99af323f1df869e5259fd9de6f78961d5918843b9025572c4d3
-
SHA512
5963915a7d98513c43b42c06de0a4bad65f040ca8a8f0ce178a5f7e70c790f548707102c09678ac52a67f22539c96b124c03c2e89c1552f3ef632b4359fb0304
-
SSDEEP
6144:iiUbiUaLZT7ssl5wetP8pa7PffwAGsj8b0T0IgCbHacNxtBhnCyev0XLsEjCoYyG:zUOnZTxm9CHfGAlT07CbHbRh/M07sq+
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-