General
- Target: 807b8685ce73d047f5a4b865f43a557183d4cb37293416fc6be0b660b63b7cf4
- Size: 373.5MB
- Sample: 220925-qpwptsgacj
- MD5: a2b324f342b2390b6dc0fb096f68acc5
- SHA1: c385641caf35cc4b62db52f9f28983f04ac33251
- SHA256: 807b8685ce73d047f5a4b865f43a557183d4cb37293416fc6be0b660b63b7cf4
- SHA512: 97f3249e069138f81192ceb1e9ab4ea4ae8b09255071dd9b9597f76c3a6cb2a0d9c3fad8088b0829c7f39de3fea2ea89b8a0b6d0a90b1f6db718059cb7eaf8cd
- SSDEEP: 98304:wl3dSlJxYL5QQgv28Oqix61YXoeC4IGlK+DKIG2F/bu4l17J:qMzxYtzI6Kv1cfl1V
Behavioral task
- Task: behavioral1
- Sample: 807b8685ce73d047f5a4b865f43a557183d4cb37293416fc6be0b660b63b7cf4.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: raccoon
- 3274ea5682755c1151f36d0672d7a717
- http://45.89.55.114/
- http://5.182.36.233/
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger