General
Target: file.exe
Size: 2.5MB
Sample: 221017-yn8xrsche3
MD5: ae77c94a61d57734721deb063a7b6810
SHA1: 60aaaae059ecd0a2c023aa0b04d45ae0fd810d0f
SHA256: 9d91cbc0bff07a1c1749886482c8defb287c1a2528e60d6f7100e6030470c482
SHA512: 38ac4b217faa9bf5d61d3ddfef35286c56f5e6305d660f40d74c0df60f84a551720b9f56ebb99317583a0ce8c716be755b24054575591cdd95f4a1af3b5cfb2f
SSDEEP: 24576:/LFn3VKYc4m2vYoYMUa0uBMErtkudRdUshmGD6QOqCqFUFkLY/KJlXl3RuQ5531v:/LFn3VK/4m4OWCqFUFkkC3Xl3h
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
Target: file.exe
Downloads MZ/PE file
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext