General
Target: MyNewFileChr.exe
Size: 627KB
Sample: 221017-ergsxaafd9
MD5: 092c5b3060a6637cd401158edb4a9910
SHA1: 36e52949d3288471618a3fb21dc669c41e8bbd8c
SHA256: f7bbfb5a8759f1166b757d2443719b581f4079fb96ae6bdf93786c20400f6612
SHA512: 774634f10223015d7ea7c6ac07b2e2064af6ca33176f96dc5632315221f9c5e32e4abb84fd1f7749cc3ea8b95a6e8bc821be47ee35d70a379e22aa40a22c391f
SSDEEP: 6144:FSezGmhidPYUNGrREDXW8jOD/gSxgRU6/lkw3RRMxNjfOBYxXr3A:FSYPWxW77gSxgWwa3A
Static task: static1
Behavioral task: behavioral1
Sample: MyNewFileChr.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: MyNewFileChr.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
Target: MyNewFileChr.exe
Downloads MZ/PE file
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext