Overview (score 10/10)

Static analysis: static

Analysis tasks and scores (from the report's task tabs; libraries.dll tasks display no score badge):
- helper.bat, windows7-x64: 1/10
- helper.bat, windows10-2004-x64: 1/10
- install_modules.sh, ubuntu-18.04-amd64: 8/10
- install_modules.sh, debian-9-armhf: 8/10
- install_modules.sh, debian-9-mips: 8/10
- install_modules.sh, debian-9-mipsel: 8/10
- installer.exe, windows7-x64: 10/10
- installer.exe, windows10-2004-x64: 10/10
- libraries.dll, ubuntu-18.04-amd64: no score displayed
- libraries.dll, debian-9-armhf: no score displayed
- libraries.dll, debian-9-mips: no score displayed
- libraries.dll, debian-9-mipsel: no score displayed
General

Target: installer.rar
Size: 6.1MB
Sample: 220922-wr74jafher
MD5: 733a0cd35d2c315b245a3d4d8e77c728
SHA1: ee2e2c71c737788cb059a7bb1bcf529eda29f958
SHA256: f6f3590cf6271c390ec4fc617afbbcbf214dfe3cbc9b708d1e97c729cd3ac069
SHA512: f0d326c368433805bea0a63d25a0def80d9297e910d314b8c542e88a36cb29dd221176fc34df64e44d7369c671ec9189644c95ad157ac2d389b1a339aedc1523
SSDEEP: 196608:tuGB4nsVHGcC4O4eOucJIPL/+VpdnztXXWL+Fz:/B4sVmcC4JoL2VZXlFz
Static task: static1

Behavioral tasks (task id: sample, analysis resource):
- behavioral1: helper.bat, win7-20220812-en
- behavioral2: helper.bat, win10v2004-20220812-en
- behavioral3: install_modules.sh, ubuntu1804-amd64-en-20211208
- behavioral4: install_modules.sh, debian9-armhf-en-20211208
- behavioral5: install_modules.sh, debian9-mipsbe-en-20211208
- behavioral6: install_modules.sh, debian9-mipsel-en-20211208
- behavioral7: installer.exe, win7-20220812-en
- behavioral8: installer.exe, win10v2004-20220812-en
- behavioral9: libraries.dll, ubuntu1804-amd64-en-20211208
- behavioral10: libraries.dll, debian9-armhf-en-20211208
- behavioral11: libraries.dll, debian9-mipsbe-en-20211208
- behavioral12: libraries.dll, debian9-mipsel-en-20211208
Malware Config (extracted)

Family: raccoon
Extracted value: 985151cfbc2662a774d6e7f7d992c04d
Extracted URL: http://89.185.85.53/
Targets

Target: helper.bat
Size: 7KB
MD5: 0bd944749ac1e405d5739a54c0696188
SHA1: d443018ef6ff362437bd10855137749f129e21f3
SHA256: 75a18ce835c6fedf9bb7fd9bb3b1fd9d2b5aa727987b4832dafcb8d1b8f658ae
SHA512: 8fcbb52fae1dcf52e2d3610c415ce70f93fcfa18c143d0828a65908155d6b652f4211219f98fbcad6bfc5e29cd33be142ee06eaaba1fd29f1c80e6b6fef32fc4
SSDEEP: 96:xR2VnXMPWwzxKUUkKwB160+IvcuhS1U1DLVpesppVJA/mi:eVnXMPlzxKUUgp+INTLVnJqD
Score: 1/10
Target: install_modules.sh
Size: 3KB
MD5: 05a28430f97b6db328b9f748005718cc
SHA1: da28f7c62b43f2cb97e5b6a2e71eb8199bdbae5c
SHA256: d05559d26e8db46d562314ecc55bb8f0f17518f313cf0f2e0cff690f4240aacf
SHA512: d2f64b14e83b668c03af5c4f9495a7b268a7756220b74df82e54fba0edea3f374e353dd69b9c293cd51fbd6c5ecaea86072ce2895f91a09451bf0cbd2019cbdf
Score: 8/10
Signatures:
- Modifies hosts file: adds entries to the hosts file used for mapping host names to IP addresses.
- Writes DNS configuration: writes data to the DNS resolver config file.
- Writes file to user bin folder.
- Writes file to tmp directory: malware often drops required files in the /tmp directory.
Target: installer.exe
Size: 726.3MB
MD5: 347ba6013752fbe969bc3026639b0104
SHA1: d9e476cb7b09efdc98aedeb3baf5e8d1bbfec6fb
SHA256: 64f9fe0eeaf1e21c27879c85f0b2fbb5cba9d760fc3a73ae58a490ebe4dced42
SHA512: 60edc7ee42912f988d3df461f79d2c1059f01180514a994e6980258136c8a7937cb5d97b599d127a5caaf564c4891e18b9577b7eb14a57e34613b40bd16d3a88
SSDEEP: 98304:lCPkOmG+sbBOcINYWcrdY6N+Q/tvW0qXNa6ntZQoTlNKD6RGb2Uv1P7mgjqwGaxj:lCP1xbZdY6gQ1uv9a+vNKDfJ1jmzwzj
Score: 10/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging).
Target: libraries.dll
Size: 118KB
MD5: 01249bb3f9b8e4da9950f53a4e569865
SHA1: 7e16f5eabdd0fcaa708832ff4eb82f7bdef7206d
SHA256: 6396d6670598c51c5ae723f8209d850bfba736b0814e42e5432cc16bbdde0703
SHA512: 389128c32377af7257b5c719abc2c95132f78b95c103bb2e9e8780430d7ab94f1eab0ef84607bfec31bf9dffee4d0daa0694c6f9bfd5f4416813b784f2e63f5a
SSDEEP: 1536:Nt5rrjRrUw13Vsw13VVw13V2HI3SjnFf3h1OOr41r4bFJj5ftereQkeZegz:NtJPhrhn/5OKHV4reQXg4
Score: 1/10