General
Target: file
Size: 4.7MB
Sample: 221010-qnls8sbhe8
MD5: 4a7c01c347ed9416940ed8597da69e27
SHA1: 57d9f5334ed9d1036a71a5670158fe4b9d9cfd79
SHA256: 20ed01a8e1ec898ec25499b5ac18d8522226e08c1ff8baffc327e63a6e46c919
SHA512: 1a0da8e395404523e4f295b00be630fcbbb58106e8e94f87752dff62d50c921a97b6a05a9be11348e7bcae228b109c100cfc740a5820158c61c663769ca4ff0f
SSDEEP: 49152:rZUJgcrkXw03C/V+H+5mf2B3+nkTQK4AUF5L/vEjF:VsgcwXr3CIe5IYTQK4RnLHEZ
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
raccoon
bd3a3a503834ef8e836d8a99d1ecff54
http://77.73.133.7/
Targets
Downloads MZ/PE file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext