General

  • Target: Zoom.iso
  • Size: 256.0MB
  • Sample: 221008-3k1jfafhh4
  • MD5: d47a45d25ce3ab24cffffbb389d3fb46
  • SHA1: 0c1bc7f0b8a944b921ba688c98d1070e014b3a78
  • SHA256: 7436f6600a22e92bcae60ec78335ac8a3306f33c9ba6133649024a95f393e394
  • SHA512: 834200e0c8a843047c58f9eabb497295fb18bdbc152b4961f3d7f829f3b57139af9aa5011c9adde4c7c5d42c8fd274aa51ee2273eafe04751500d0072d50233a
  • SSDEEP: 98304:qoYnMjGCGOXft+ktOuI9+W3Kp6E+WroakdQeiq+D6pUonqD:qoYnMaZOXf0ksJop6JWrvkriqfUt

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 6f89b98c954b97563d917a50d1cf20cf
  • C2:
    http://167.114.45.110/
    http://15.235.89.55/
    http://51.68.28.146/
  • rc4.plain

Targets

  • Target: ZOOM.EXE
  • Size: 256.0MB
  • MD5: c7267dc5d18ce972fc8a1492d87ab8c2
  • SHA1: 2b8794979aef70e4520e96b2ace1cad9d9e12e3a
  • SHA256: c640d3b8eab11989df6a8f63d1addf543dc08cd8cf47570ca9fad40d058ba8ad
  • SHA512: 0bc66e4605d72239d9fb3ff95243e1693407e3058a1d98261358dbd757ab0a7631e2ef20b36e7b9b247fbfff17c1cd9545b44aec40905882579930b81e5438cc
  • SSDEEP: 98304:/oYnMjGCGOXft+ktOuI9+W3Kp6E+WroakdQeiq+D6pUonqD:/oYnMaZOXf0ksJop6JWrvkriqfUt

Signatures

  • Raccoon
    Raccoon is an infostealer written in C++ and first seen in 2019.
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
  • Downloads MZ/PE file
  • Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  • Loads dropped DLL
  • Themida packer
    Detects Themida, an advanced Windows software protection system.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Checks whether UAC is enabled
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks