General
-
Target
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12.exe
-
Size
6.0MB
-
Sample
220927-fbn3qaceb5
-
MD5
e9acfc93e52dd181932e7604184beecb
-
SHA1
a5172b25d36f9954ae0c198f569432c4954a00b2
-
SHA256
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12
-
SHA512
803e01f218c1e427a3585b30c260824ac8a7b8e687976619fbf61e2645ff1905cefd1004d3f54b9580ee8e90f4e8a23a28e616b933e433fcb120c5b97e3ac2d6
-
SSDEEP
196608:SkV6yZjVzDxw7ZX1J8ZG+HIf5XI+l5Qs0:RV5xzG7d/1XI+XQv
Static task
static1
Behavioral task
behavioral1
Sample
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12.exe
Resource
win7-20220812-en
Malware Config
Extracted
http://80.92.205.35/hfile.bin
Extracted
raccoon
9b19cf60d9bdf65b8a2495aa965456c3
http://94.131.107.206
Targets
-
-
Target
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12.exe
-
Size
6.0MB
-
MD5
e9acfc93e52dd181932e7604184beecb
-
SHA1
a5172b25d36f9954ae0c198f569432c4954a00b2
-
SHA256
e2b9859fcfaed0a7d7a857646cf37b042df26f13a4c455a5fcffed0f6bb74d12
-
SHA512
803e01f218c1e427a3585b30c260824ac8a7b8e687976619fbf61e2645ff1905cefd1004d3f54b9580ee8e90f4e8a23a28e616b933e433fcb120c5b97e3ac2d6
-
SSDEEP
196608:SkV6yZjVzDxw7ZX1J8ZG+HIf5XI+l5Qs0:RV5xzG7d/1XI+XQv
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-