General
Target: 0b1c78db1d6debc91c59c0d7dfe9dd31.exe
Size: 30.1MB
Sample: 221014-1z3agaegal
MD5: 0b1c78db1d6debc91c59c0d7dfe9dd31
SHA1: 98575e24bfe6a11c678de4f9ebc55453710fcc75
SHA256: a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52
SHA512: 2d9c226b5dcbd2c3e54816c374a46e4d9e04b22ecde3c8a231cd7b55ae7183134a3b5a54af0dc05e774ba9b25f444609fc43ec0bb526a619c5297489b55eff02
SSDEEP: 786432:TZ2NuqrYwxyy8BXmRAw/5Vi5U21eNJvkH:TANua5xd89mmwQHoU
Static task: static1
Behavioral task: behavioral1
Sample: 0b1c78db1d6debc91c59c0d7dfe9dd31.exe
Resource: win7-20220812-en
Malware Config
- Extracted: http://31.42.177.171/hfile.bin
- Extracted: raccoon (9b19cf60d9bdf65b8a2495aa965456c3, http://77.91.123.97/)
Targets
Target: 0b1c78db1d6debc91c59c0d7dfe9dd31.exe
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext