General
Target: a4b5c22ad66abf713b53dd48a7b6da65.exe
Size: 1.5MB
Sample: 220921-k96smsbedn
MD5: a4b5c22ad66abf713b53dd48a7b6da65
SHA1: 73c02bb3add993ce71e9ee461494cd2584754066
SHA256: c0b96ba1adef41f90c616ba72a4047735925f14d4745a87992732dcd1dc60b23
SHA512: d56dcab8093aa1160aa94d3eb2b6e18c77d93d3df69e8ecb1730b9f6655ba185a0a88bff5f4fac753029842a03600864367761e69247180a5a2e247621d89408
SSDEEP: 24576:wgRocFUaFfzmT58FvIU5FL4vZzdhZ3lz3MUiAQrVdU91NMBnw4AUci:wgScyUfzmAQzZJL3lLn5+Vdw1NUPA4
Static task: static1
Behavioral task: behavioral1
Sample: a4b5c22ad66abf713b53dd48a7b6da65.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: a4b5c22ad66abf713b53dd48a7b6da65.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: raccoon
9b19cf60d9bdf65b8a2495aa965456c3
http://94.131.107.23/
http://45.11.19.99/
Targets
Target: a4b5c22ad66abf713b53dd48a7b6da65.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext