General
-
Target
3ee0a89ab5fb64d4f3ab001b3724660b0677c33f32062ff8b26d498c93b8ef3f
-
Size
2.5MB
-
Sample
221016-gmnrrshaa5
-
MD5
e50afda85a40b86182b47eeb9cab27f8
-
SHA1
e5545a3c4672eb8196b9e434320932a242ebf5da
-
SHA256
3ee0a89ab5fb64d4f3ab001b3724660b0677c33f32062ff8b26d498c93b8ef3f
-
SHA512
369f74fd143cc5a7bcf6290d532ef622dba3e63d8efb083fcf73369e502764de9bdada783336bf189f9e8aa6c9c63f6343a7b1c78278933df6cf9be777bdf6a3
-
SSDEEP
24576:ivhJ5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEuKCDh/fj6LYYp2rl3RuQ5531Y:iJojWYKspUCDh/fj68l3q
Static task
static1
Behavioral task
behavioral1
Sample
3ee0a89ab5fb64d4f3ab001b3724660b0677c33f32062ff8b26d498c93b8ef3f.exe
Resource
win10-20220812-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://135.148.104.11/
http://77.73.133.7/
Targets
-
-
Target
3ee0a89ab5fb64d4f3ab001b3724660b0677c33f32062ff8b26d498c93b8ef3f
-
Size
2.5MB
-
MD5
e50afda85a40b86182b47eeb9cab27f8
-
SHA1
e5545a3c4672eb8196b9e434320932a242ebf5da
-
SHA256
3ee0a89ab5fb64d4f3ab001b3724660b0677c33f32062ff8b26d498c93b8ef3f
-
SHA512
369f74fd143cc5a7bcf6290d532ef622dba3e63d8efb083fcf73369e502764de9bdada783336bf189f9e8aa6c9c63f6343a7b1c78278933df6cf9be777bdf6a3
-
SSDEEP
24576:ivhJ5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEuKCDh/fj6LYYp2rl3RuQ5531Y:iJojWYKspUCDh/fj68l3q
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-