General
- Target: 89526174deb39bd6ef0663db7468763c54e30875591c8466281709c7d4f42d3c
- Size: 345KB
- Sample: 221006-d91hasgecp
- MD5: 8ee9351a60a4d89e0ff61b3789bcb98a
- SHA1: b24279aa0c63143c6f89c7ca7ffc2d9d0c9d23a7
- SHA256: 89526174deb39bd6ef0663db7468763c54e30875591c8466281709c7d4f42d3c
- SHA512: db031b525c1bfc9102b0ddc485612e9e46fb22fa27170f7f4df65d1817f5045845c4f3f3d8ddb3d5f5f25fe9fb4de31047b224752216e1b1546590aab21883b4
- SSDEEP: 6144:K6S1ZVlum8KDJUOER/YM58yC4ohdFrmHJJybheuo5cLol:oPmcUOIeyC4oZMJv5
Static task: static1
Behavioral task: behavioral1
Sample: 89526174deb39bd6ef0663db7468763c54e30875591c8466281709c7d4f42d3c.exe
Resource: win7-20220901-en
Malware Config
Extracted
raccoon
bd3a3a503834ef8e836d8a99d1ecff54
http://135.148.104.11/
Targets
- Target: 89526174deb39bd6ef0663db7468763c54e30875591c8466281709c7d4f42d3c
- Size: 345KB
- MD5: 8ee9351a60a4d89e0ff61b3789bcb98a
- SHA1: b24279aa0c63143c6f89c7ca7ffc2d9d0c9d23a7
- SHA256: 89526174deb39bd6ef0663db7468763c54e30875591c8466281709c7d4f42d3c
- SHA512: db031b525c1bfc9102b0ddc485612e9e46fb22fa27170f7f4df65d1817f5045845c4f3f3d8ddb3d5f5f25fe9fb4de31047b224752216e1b1546590aab21883b4
- SSDEEP: 6144:K6S1ZVlum8KDJUOER/YM58yC4ohdFrmHJJybheuo5cLol:oPmcUOIeyC4oZMJv5
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext