General
Target: bEW48w9BEVk.zip
Size: 978KB
Sample: 220924-dqq5hsadh3
MD5: b9007f402d61ecdc3f93ed8f90318e49
SHA1: 5cec1e8ac88e9453e1491a94c285b6ac285714ee
SHA256: c942ba85a8f3d49faebc0c186ed560bc789483b7eb42989a9444b7f74c3fc4fa
SHA512: 7efa750cde38e322baae37def9c37b361e706299717d5028375266086bb786ab57088247ee2d7ca50dd532a088571156cab14a11d1dfa95e52df0f91598f64c3
SSDEEP: 24576:U3SklsN/XDVbjweihwaCA1Jwb4AaUs05iHRsf6R:UAZhFnaCA1Jk4A00Ng
Static task: static1
Behavioral task: behavioral1 (sample autoplay.exe, resource win10-20220812-en)
Behavioral task: behavioral2 (sample autorun.dll, resource win10-20220812-en)
Malware Config
Extracted
Family: raccoon
Botnet ID: 82b47b435e53e7fb9a7380684546ba5c
C2: http://77.73.133.23/
Targets
Target: autoplay.exe
Size: 2.5MB
MD5: c4379188fbebcf19fb52982a07ad97e5
SHA1: 5959c3a2c4173a2ac35dda00692dd5b402b950ad
SHA256: 0933f4936176e06ade6b661f36423892a9553e92cf1d4ad8e20cfb9a83dc029c
SHA512: e55ef130b26a3056bd5a1dfef2ef57bf28fe541d4b3903c238d308c8f1a999e20349a695c3ee420ac0ca77015bdfd4d9afda7c8982a6804ea7073c62f9253228
SSDEEP: 49152:KR+W+FYXeCasCDnkh4bC6ZD40PFL/xl3V:KR+W+F6eCZCDnkh+40PFL/V
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
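Two of the signatures above ("Suspicious use of SetThreadContext" and "Accesses cryptocurrency files/wallets") re-expressed as rules over an API trace, as an added example that is not part of the sandbox report or its signature set. The trace format (one dict per call with pid, api and args, handles already resolved to target pids), the wallet path list and the sample events are this example's own assumptions; the SetThreadContext rule only fires on the hollowing sequence (suspended child, remote write, context change, resume), not on a process adjusting its own threads.

```python
"""Added example (not the sandbox's own code): two behavioral signatures as rules
over an API trace. Trace format and wallet path list are assumptions; SAMPLE_TRACE
is constructed for illustration."""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Path fragments for wallets commonly targeted by stealers (constructed list).
WALLET_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\\Exodus\\exodus\.wallet",
    r"\\Electrum\\wallets\\",
    r"\\Bitcoin\\wallet\.dat$",
    r"\\Ethereum\\keystore\\",
    r"\\Armory\\.*\.wallet$",
)]
FILE_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile", "NtOpenFile"}


def detect_set_thread_context_injection(trace):
    """Flag the hollowing pattern: CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory
    into that child -> SetThreadContext on it -> ResumeThread. A SetThreadContext
    against the caller's own threads with no prior remote write does not fire."""
    suspended = {}    # child pid -> creating pid
    written = set()   # suspended children that received WriteProcessMemory
    context_set = set()
    findings = []
    for call in trace:
        api, args, pid = call["api"], call["args"], call["pid"]
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[args["child_pid"]] = pid
        elif api == "WriteProcessMemory" and args.get("target_pid") in suspended:
            written.add(args["target_pid"])
        elif api == "SetThreadContext" and args.get("target_pid") in written:
            context_set.add(args["target_pid"])
        elif api == "ResumeThread" and args.get("target_pid") in context_set:
            findings.append(f"pid {pid} hollowed suspended child pid {args['target_pid']}")
    return findings


def detect_wallet_access(trace):
    """Flag any file-open API whose path matches a known wallet location."""
    findings = []
    for call in trace:
        if call["api"] in FILE_APIS:
            path = call["args"].get("path", "")
            if any(p.search(path) for p in WALLET_PATTERNS):
                findings.append(f"pid {call['pid']} opened wallet file {path}")
    return findings


def run_signatures(trace):
    return {
        "suspicious_setthreadcontext": detect_set_thread_context_injection(trace),
        "wallet_access": detect_wallet_access(trace),
    }


# Constructed trace: pid 4321 spawns a suspended child, writes into it, sets its
# thread context and resumes it; the child then opens an Exodus wallet. pid 5000
# calls SetThreadContext on its own thread, which must not be reported.
SAMPLE_TRACE = [
    {"pid": 4321, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\svchost.exe", "flags": 0x4, "child_pid": 4400}},
    {"pid": 4321, "api": "WriteProcessMemory", "args": {"target_pid": 4400, "size": 0x2A000}},
    {"pid": 4321, "api": "SetThreadContext", "args": {"target_pid": 4400, "thread_id": 4404}},
    {"pid": 4321, "api": "ResumeThread", "args": {"target_pid": 4400, "thread_id": 4404}},
    {"pid": 4400, "api": "CreateFileW",
     "args": {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}},
    {"pid": 5000, "api": "SetThreadContext", "args": {"target_pid": 5000, "thread_id": 5002}},
    {"pid": 5000, "api": "ResumeThread", "args": {"target_pid": 5000, "thread_id": 5002}},
]

if __name__ == "__main__":
    for name, hits in run_signatures(SAMPLE_TRACE).items():
        print(name, hits or "no hits")
```

Keying the injection rule on the sequence rather than on the single SetThreadContext call is what keeps it from firing on debuggers and runtimes that legitimately rewrite thread contexts; a real sandbox trace would also need handle-to-pid resolution, which is assumed here.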
Target: autorun.inf
Size: 624KB
MD5: 98c26bafe8abd7cc9ccf037d4f8ca5e2
SHA1: 7993309decc39cd7aa69412a5e212f56501dd882
SHA256: fb3ac39fdbcfc1243d5dd23314d13baafe3a05cd7f5b0eaae174c345c3de1c1a
SHA512: e73c8466b5c209df7606bc3fca688a4397d94994bf0dbcfa8c08004ca2b318580f85736ea256a91ad360fa9e8415637c056c6fc815f1273a17ae1bb03137ea03
SSDEEP: 12288:RnWTGfLIYsoQnWq+SoQoCAcruhb2YT9BCnCKzUroHUudh3jNrLjeGm+M:Rn4GfLIYsoQkSToCAcruQI9BCC3roH5n
Score: 1/10
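A matcher for the hash tables above (the container zip and both dropped targets), added here as an example and not part of the report: it streams a file once, computes the four digests the report lists, and returns which report entry and algorithm matched. The hash values are copied from the report; the function names, the directory-walk helper and the chunk size are this example's own. SSDEEP is omitted because it needs a third-party library.

```python
"""Added example (not part of the sandbox report): one-pass MD5/SHA1/SHA256/SHA512
of a file, matched against the report's hash table."""
import hashlib
from pathlib import Path

# Hash values copied from the report above.
REPORT_IOCS = {
    "bEW48w9BEVk.zip": {
        "md5": "b9007f402d61ecdc3f93ed8f90318e49",
        "sha1": "5cec1e8ac88e9453e1491a94c285b6ac285714ee",
        "sha256": "c942ba85a8f3d49faebc0c186ed560bc789483b7eb42989a9444b7f74c3fc4fa",
        "sha512": "7efa750cde38e322baae37def9c37b361e706299717d5028375266086bb786ab57088247ee2d7ca50dd532a088571156cab14a11d1dfa95e52df0f91598f64c3",
    },
    "autoplay.exe": {
        "md5": "c4379188fbebcf19fb52982a07ad97e5",
        "sha1": "5959c3a2c4173a2ac35dda00692dd5b402b950ad",
        "sha256": "0933f4936176e06ade6b661f36423892a9553e92cf1d4ad8e20cfb9a83dc029c",
        "sha512": "e55ef130b26a3056bd5a1dfef2ef57bf28fe541d4b3903c238d308c8f1a999e20349a695c3ee420ac0ca77015bdfd4d9afda7c8982a6804ea7073c62f9253228",
    },
    "autorun.inf": {
        "md5": "98c26bafe8abd7cc9ccf037d4f8ca5e2",
        "sha1": "7993309decc39cd7aa69412a5e212f56501dd882",
        "sha256": "fb3ac39fdbcfc1243d5dd23314d13baafe3a05cd7f5b0eaae174c345c3de1c1a",
        "sha512": "e73c8466b5c209df7606bc3fca688a4397d94994bf0dbcfa8c08004ca2b318580f85736ea256a91ad360fa9e8415637c056c6fc815f1273a17ae1bb03137ea03",
    },
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def _digest_stream(chunks):
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return _digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    """Chunked read so multi-GB files do not have to fit in memory (chunk size is an assumption)."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return [(target, algo)] for every report hash that equals a computed digest."""
    hits = []
    for target, known in iocs.items():
        for algo, value in known.items():
            if digests.get(algo, "").lower() == value.lower():
                hits.append((target, algo))
    return hits


def scan_directory(root, iocs=REPORT_IOCS):
    """Hash every regular file under root and return {path: hits} for files that match."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            hits = match_iocs(digest_file(p), iocs)
            if hits:
                results[str(p)] = hits
    return results


if __name__ == "__main__":
    import sys
    for path, hits in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, hits)
```

A file that matches on SHA256 (or SHA512) is the sample; a match on MD5 or SHA1 alone, with the stronger digests differing, points to a transcription error in the IOC list or a deliberate collision and should not be treated as a confirmed hit.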