General
-
Target
Setup.exe
-
Size
394.1MB
-
Sample
220923-ks16tshfgn
-
MD5
25e691bbad8d5bf46f6631ee644e9d73
-
SHA1
d5c8a2e83dd5bd6431c932cbda8a1371a66b8013
-
SHA256
338eaa5a7d7a3b1edc2cda926d477d569517dc6af2ccffbb34ee34d8c972094b
-
SHA512
8fb813f76b2f2886c2698f8ec8817cf5b573d318cb668c0504e88ac7852113a0c0fd3863742da3d42411e2fc547fda15f1b67820ca8ed5cff266efdf6c7d724c
-
SSDEEP
98304:dF0UyMxDIrLrgwMJgjn4s5ipeuBi7bUPgfWFRIW3zrfnNGRjqs:FyNMwpT4ai4CgfcBnAqs
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
raccoon
14902e50d2f477364ab9ad3b26f3e3cc
http://78.159.97.21/
http://78.159.103.195
http://78.159.103.196
Targets
-
-
Target
Setup.exe
-
Size
394.1MB
-
MD5
25e691bbad8d5bf46f6631ee644e9d73
-
SHA1
d5c8a2e83dd5bd6431c932cbda8a1371a66b8013
-
SHA256
338eaa5a7d7a3b1edc2cda926d477d569517dc6af2ccffbb34ee34d8c972094b
-
SHA512
8fb813f76b2f2886c2698f8ec8817cf5b573d318cb668c0504e88ac7852113a0c0fd3863742da3d42411e2fc547fda15f1b67820ca8ed5cff266efdf6c7d724c
-
SSDEEP
98304:dF0UyMxDIrLrgwMJgjn4s5ipeuBi7bUPgfWFRIW3zrfnNGRjqs:FyNMwpT4ai4CgfcBnAqs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-