General
- Target: Setup.exe
- Size: 355.0MB
- Sample: 221008-1b3w4afgb4
- MD5: fc16cc29dc6b7ae38a8adb41615b0f99
- SHA1: 678fa323001d982f584c629dbb56e3f3485a5f8c
- SHA256: 8642afdd26e0feec278fca836312054ce6b3646812d2e6d1f450d76bbc66eb29
- SHA512: 6d71c6567b479f8b641bebaae6e5fb77e73b378cdb16f38fae214e537a13b210e91c82483169d4de9884573716d182da6163d97a64494e011306e212e14df4b0
- SSDEEP: 98304:S7dJE9PjJACaRcY8P+ovSEvL1tWm1OSOdsngoIJY3agdcz7XFtDlD3X4vm:2qjMT0+rALKNJYFdi7XHhHAm
Behavioral task
behavioral1
- Sample: Setup.exe
- Resource: win7-20220812-en
Malware Config
Extracted
vidar
54.9
1325
https://t.me/larsenup
https://ioc.exchange/@zebra54
- profile_id: 1325
Extracted
raccoon
86e38cb1df4c584ae1dc40c344b9bc37
http://89.185.85.53/
Targets
- Target: Setup.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext