General
- Target: 3a3b33f3c468bfc7b2759d9e7ecf793d.exe
- Size: 16.9MB
- Sample: 221012-rnz7asfbc7
- MD5: 3a3b33f3c468bfc7b2759d9e7ecf793d
- SHA1: 74552fc3a50344a814c1e48d832ee055abbe3f4c
- SHA256: 984e7d941327d6764df705f36223d4f137eff73c2dfb6acc117f6326b41e0968
- SHA512: 5d7ed325372289c8e5c93d35265dcecceaeaa2e429fd4f3ab866a5868a18c765c870c931d4cac2380fc8ba25d85241db4ca569f194a76df757fef89f42beaa9f
- SSDEEP: 393216:z6tlPxMeW6cML02hze6fw0ZyHFZtFFvYts19VQIJgNx/srAAS:k3MeFtSbtFBYO1xUHJ
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: 3a3b33f3c468bfc7b2759d9e7ecf793d.exe, Resource: win7-20220812-en)
- Behavioral task: behavioral2 (Sample: 3a3b33f3c468bfc7b2759d9e7ecf793d.exe, Resource: win10v2004-20220812-en)
Malware Config
- Extracted: http://31.42.177.216/hfile.bin
- Extracted (raccoon): 9b19cf60d9bdf65b8a2495aa965456c3, http://188.93.233.101/
Targets
- Target: 3a3b33f3c468bfc7b2759d9e7ecf793d.exe
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext