General
-
Target
0cbb101350a505349559995cac335687.exe
-
Size
22.8MB
-
Sample
220920-sgrf9ahagk
-
MD5
0cbb101350a505349559995cac335687
-
SHA1
49fa668a551e694d3dc85b0dedadf6da2f7a79b7
-
SHA256
bc92ac427770e9d3e2e12ed5f25d1a8d92c43f6342b675f6e1d2ec70b86601fe
-
SHA512
36fe16fd2c18a056afa743879822cd845ff5498061f27e123530f665fbf1fadf1576a5c02c5c0e0f1af88cc2c40eaad618716c30b1c8d8812aa903938698586a
-
SSDEEP
393216:ne+m1n15+inMR/oArvMwVuwxTakRcLGZNXDqkV2R0h6g1Rkymg1:9InH7nMR/oExVrxe1L6JV2eh6g1Ky51
Malware Config
Extracted
http://45.159.248.145/hfile.bin
Extracted
raccoon
9b19cf60d9bdf65b8a2495aa965456c3
http://94.131.107.23/
http://45.11.19.99/
Targets
-
-
Target
0cbb101350a505349559995cac335687.exe
-
Size
22.8MB
-
MD5
0cbb101350a505349559995cac335687
-
SHA1
49fa668a551e694d3dc85b0dedadf6da2f7a79b7
-
SHA256
bc92ac427770e9d3e2e12ed5f25d1a8d92c43f6342b675f6e1d2ec70b86601fe
-
SHA512
36fe16fd2c18a056afa743879822cd845ff5498061f27e123530f665fbf1fadf1576a5c02c5c0e0f1af88cc2c40eaad618716c30b1c8d8812aa903938698586a
-
SSDEEP
393216:ne+m1n15+inMR/oArvMwVuwxTakRcLGZNXDqkV2R0h6g1Rkymg1:9InH7nMR/oExVrxe1L6JV2eh6g1Ky51
Score10/10-
Modifies Windows Defender notification settings
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-