General
- Target: file_1.zip
- Size: 1.2MB
- Sample: 220927-e5ynksdfbm
- MD5: 37a9fc03362d4e2a91028ea12d5440ea
- SHA1: 539477312c35364d485f76b641d89b66c702def5
- SHA256: 012a4528bb6b9dde780d627a0f22b440ff26fac4a80ebc91266a7cc95f324d4b
- SHA512: 49ac51db69e4201b8c8af206dd35b62b448a7c713cbf564266e98d29953b5a8673202331c663da6b7bc241a1435a23f06bf477e1546f8b9f79070aea66c51b52
- SSDEEP: 24576:4cygxEOtU5GOYK232r5hHxBry22LLIp8wm1mK3Pi07eIPac9sB:4cyWEbQLmr5hHxBrOvhlmWi0iIymc

Static task
- static1

Behavioral task
- behavioral1
- Sample: lrPBx4qjVQLL.exe
- Resource: win7-20220901-en

Malware Config
Extracted
- raccoon
- 9b19cf60d9bdf65b8a2495aa965456c3
- http://94.131.107.206

Targets
- Target: lrPBx4qjVQLL.exe
- Size: 1.5MB
- MD5: 018dbebc18d0989b6c5a0916a7aeb8ee
- SHA1: 3d9d22ef47c09230fda8d66945e00e3538f2d975
- SHA256: 82112a8c76d6bab37acadc1e1a113e43b6dc966f48b9f2a0cc8fdbd844ee2f7a
- SHA512: a97b649deaed7f44b03f882648dbaa26ebddc9d925e161d6b523a09861950efef17cb14339f22a92184ca9184abb92b04e2d4f07a7914ae0e091f4f2560adf96
- SSDEEP: 49152:8N0TnIUbWriymtRAZbUJylRyOuo+ecZTa1gBHXOlr/pQVpu7S/cY:gKnIUbWrJUJy/yOuo/cZTa1cXO/DS/b

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext