General
-
Target
file.exe
-
Size
2.5MB
-
Sample
221019-t5ye5sgag3
-
MD5
bd6b21b99dd64f2c77009d2dea1ea086
-
SHA1
a2a136c265189a299ed2dff677f70d1f1ca83dea
-
SHA256
8d197934ea6b6f1beee50ffce69efcf7172c00bb59fc44371ed85c2dca0a0e89
-
SHA512
c2cbc36d23161a1c32bc304b50eae8ca6be16bac4d7fae2ad5921802caae979628d04f56349cd9de4d6fc7ebe938d0416a548984eb4605b39945f8b976208b10
-
SSDEEP
24576:rayYEvGwJ82uYqY8wNvbbMoxK2DdxdE4LxK9xD6MLTRmq+CLlqzTg/l3RuQ5531S:rZYEewJ8YeFTRmq+CBqCl3U
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
Targets
-
-
Target
file.exe
-
Size
2.5MB
-
MD5
bd6b21b99dd64f2c77009d2dea1ea086
-
SHA1
a2a136c265189a299ed2dff677f70d1f1ca83dea
-
SHA256
8d197934ea6b6f1beee50ffce69efcf7172c00bb59fc44371ed85c2dca0a0e89
-
SHA512
c2cbc36d23161a1c32bc304b50eae8ca6be16bac4d7fae2ad5921802caae979628d04f56349cd9de4d6fc7ebe938d0416a548984eb4605b39945f8b976208b10
-
SSDEEP
24576:rayYEvGwJ82uYqY8wNvbbMoxK2DdxdE4LxK9xD6MLTRmq+CLlqzTg/l3RuQ5531S:rZYEewJ8YeFTRmq+CBqCl3U
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-