General
- Target: sample-547923-d6ee61a194362a68846db5fdd1948cc0.zip
- Size: 1.5MB
- Sample: 220926-29zsrscbd4
- MD5: a15f255078175def544b709add9342a2
- SHA1: 91b92eb7b93e93eac54b29cfc4342d345b2ec944
- SHA256: 8a5b1fc43aff285156e99bbb4c816ac1c7ae3b0eefe31336928f3a14e48525a4
- SHA512: 61db9728d8888e374ffa89ae8876229b115651dee6435898f0240930e725550f0a5c7ced96f6b544a5032a1df167b57e67205de2a23aa3656c9944255a203578
- SSDEEP: 24576:LQqPjVABtSPkwTDldHyEtVC50ciXeVlmGC9VjFMkhW01utYwIsUrUpvY3:zPBU+TDFVXciKaVjmmgvw

Static task: static1
Behavioral task: behavioral1
- Sample: ZTGB7oKVjd.exe
- Resource: win7-20220812-en

Malware Config
Extracted: raccoon
- 9b19cf60d9bdf65b8a2495aa965456c3
- http://94.131.107.206

Targets
- Target: ZTGB7oKVjd.exe
- Size: 3.7MB
- MD5: d6ee61a194362a68846db5fdd1948cc0
- SHA1: 31e543a199e488255096d17cf3a90a0f2b91ce86
- SHA256: e77e9313e5dd2402c4b4246eee58eb712eba23418f26ecd99cfc6709637473cd
- SHA512: cb05a3fcb83187a42cda64b2730fbc6ee5ab131ac3cb13047205094330cd7d56b9697267b5c9d9fc33df20679ea00f849700f39e53ef77bfb13c95f21a2c5d1e
- SSDEEP: 24576:mEVHBMSvlgJTrQX1AqSlqqYQSLU/NHagP/SzLys1lfzT4uPJludr9sIi5OVIRR:ZVHBMMgJH0ONwosFlgqXOmT

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext