General
Target: e684c37aed40d6558c794cb6d9909f8d27007ca72575101e9c19c4201d201743
Size: 374.6MB
Sample: 220925-qrj4tagacp
MD5: d415fc8cca197e9a3f0dced5061f1982
SHA1: 2cda71708b8018875c6d68be049bec80076a5c20
SHA256: e684c37aed40d6558c794cb6d9909f8d27007ca72575101e9c19c4201d201743
SHA512: d526e5c1a10b6b7532099655097c4d849dd1902bbc9ec59d0d0feaaf101c43454b91993bb572edc4a856f01f8b0d1a2e4ce8093e80881b5481b70e42d2dd23d0
SSDEEP: 98304:8i3yZgWtwc3xdd988CtsoV4ulxwLmsxcbls9BCN4iN//pKMRhVN2XSPMy4l:8iiZg33brwzcBs9kB3zPhPm
Behavioral task: behavioral1
Sample: e684c37aed40d6558c794cb6d9909f8d27007ca72575101e9c19c4201d201743.exe
Resource: win7-20220812-en
Malware Config
Extracted family: raccoon
Extracted value: 3274ea5682755c1151f36d0672d7a717
C2: http://45.89.55.114/
C2: http://5.182.36.233/
Targets
Target: e684c37aed40d6558c794cb6d9909f8d27007ca72575101e9c19c4201d201743
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class stops the calling thread's debug events from being delivered to an attached debugger, a common anti-debugging step.
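The signature list above names behaviours but not the registry locations or API calls behind them. The following triage helper, an added example and not code from the sandbox vendor or from the sample, maps API-trace lines to those signature names and to the C2 URLs in the extracted raccoon config. The key=value trace format and the sample lines are constructed for this example; the registry paths each rule keys on (the VBOX__ entries under HARDWARE\ACPI, the SystemBiosVersion/VideoBiosVersion values, the Geo\Nation value, the CurrentVersion\Uninstall key) are assumptions about what the listed signatures usually match, since the report prints only signature names. The "Contacts extracted raccoon C2" rule is derived here from the config, not a signature on the page.

```python
"""Map API-trace lines to the behaviour signatures listed in the report.

Added example; not the sandbox vendor's code. Trace format is constructed;
registry paths are assumptions about what each signature keys on.
"""
import re
from collections import defaultdict

# C2 URLs taken from the report's extracted raccoon config.
C2_URLS = {"http://45.89.55.114/", "http://5.182.36.233/"}

# Registry locations the listed signatures usually key on (assumption).
REGISTRY_RULES = [
    (r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
     "Identifies VirtualBox via ACPI registry values (likely anti-VM)"),
    (r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)",
     "Checks BIOS information in registry"),
    (r"\\Control Panel\\International\\Geo\\Nation$",
     "Checks computer location settings"),
    (r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
     "Checks installed software on the system"),
]

# 'k=v k=v ...' where values may contain spaces and backslashes.
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_line(line):
    """Parse one trace line into a dict of fields."""
    return dict(KV_RE.findall(line.strip()))


def classify(event):
    """Return the signature name an event triggers, or None."""
    api = event.get("api", "")
    if api.startswith(("RegQueryValue", "RegOpenKey", "RegEnumKey")):
        path = event.get("path", "")
        for pattern, name in REGISTRY_RULES:
            if re.search(pattern, path, re.IGNORECASE):
                return name
    elif api == "NtSetInformationThread" and event.get("class") == "ThreadHideFromDebugger":
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    elif api.startswith(("Internet", "WinHttp")):
        if event.get("url") in C2_URLS:
            return "Contacts extracted raccoon C2"
    return None


def triage(lines):
    """Group the pids that triggered each signature, sorted for stable output."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        name = classify(ev)
        if name:
            hits[name].add(int(ev.get("pid", 0)))
    return {name: sorted(pids) for name, pids in hits.items()}


# Constructed trace, not taken from the report: pid 1840 shows the
# behaviours in the signature list, pid 2212 is benign-looking noise.
SAMPLE_TRACE = [
    r"pid=1840 api=RegOpenKeyExW path=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"pid=1840 api=RegQueryValueExW path=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"pid=1840 api=RegQueryValueExW path=HKCU\Control Panel\International\Geo\Nation",
    r"pid=1840 api=RegEnumKeyExW path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"pid=1840 api=NtSetInformationThread class=ThreadHideFromDebugger",
    r"pid=1840 api=InternetOpenUrlA url=http://45.89.55.114/",
    r"pid=2212 api=RegQueryValueExW path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"pid=2212 api=InternetOpenUrlA url=http://example.invalid/",
]

if __name__ == "__main__":
    for name, pids in triage(SAMPLE_TRACE).items():
        print(f"{name}: pids {pids}")
```

Two caveats when reusing this against real telemetry. Sysmon records registry key creation/deletion (event 12), value writes (13) and renames (14) but not reads, so the RegQueryValue/RegOpenKey matching above needs an API-tracing sandbox or EDR feed, not Sysmon alone. And the 374.6MB file size is far beyond what a stealer's code needs; oversized samples frequently exceed the upload limits of scanners and sandboxes, so plan on working from the hashes and the extracted C2 URLs rather than re-submitting the file.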