General
-
Target
file.exe
-
Size
2.5MB
-
Sample
221017-ndpq2abggk
-
MD5
f24ff4071d6e62c0740a507a8a5c9734
-
SHA1
61a091ae859808f1ab43f4155fe9717a7b7fb675
-
SHA256
2eb8a3cb622a19952d8f271155c5a8ec344325410d74103ce042c46eab05d84a
-
SHA512
ec8bc4406cee83302dffa31beaba5ac7fdd27fdca62660b43a03f9ffdcf3eeaff1cca5f525b8b927bd9cdda4d33f299eb8c50d562b1dd49eadb4c031a8ee1589
-
SSDEEP
24576:HfQIt5GjOioY2YXfnCTJM7eP7xdYPSjbOR+9612o09mnxxbLxxrJjl3RuQ553135:HfQyGjOdF4unoHnxxbnrJjl3X
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
-
-
Target
file.exe
-
Size
2.5MB
-
MD5
f24ff4071d6e62c0740a507a8a5c9734
-
SHA1
61a091ae859808f1ab43f4155fe9717a7b7fb675
-
SHA256
2eb8a3cb622a19952d8f271155c5a8ec344325410d74103ce042c46eab05d84a
-
SHA512
ec8bc4406cee83302dffa31beaba5ac7fdd27fdca62660b43a03f9ffdcf3eeaff1cca5f525b8b927bd9cdda4d33f299eb8c50d562b1dd49eadb4c031a8ee1589
-
SSDEEP
24576:HfQIt5GjOioY2YXfnCTJM7eP7xdYPSjbOR+9612o09mnxxbLxxrJjl3RuQ553135:HfQyGjOdF4unoHnxxbnrJjl3X
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-