General
Target: 565.exe
Size: 369KB
Sample: 221018-3z8hlaebh9
MD5: b87c8d583a69a8a9b59fc628a2a8aa2a
SHA1: d0edbcb0176394e5f054c04f86ac5888dd806e39
SHA256: c585f047d68f7bc0c694eaa795b57e38c22229a4a965b446dc1353be7299953e
SHA512: 47a8f972facbc3b84720da6fbbdfc587b7deb31eabaa51cf5cd1b3ca090194c930c3f5421943a97cca34dd5e36e6b719fc7b42b93bbf41afb990a72e23c556a2
SSDEEP: 6144:PIIcrXQ4S33w614mazUBHfSdocWYD24IT+tcWnGwXt2wQh:JcrNS33L10QdrXZT+tcWnGwXtYh
Static task: static1
Behavioral task: behavioral1
  Sample: 565.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 565.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: raccoon
  ce21570f8b07f4e68bfb7f44917635b1
  http://77.73.133.7/
Targets
Target: 565.exe
Size: 369KB
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.