General
-
Target
119ee01755a7d9ea1e4864fcdcacacd6b71847e61751c25e4abc04be6dd6a704
-
Size
616KB
-
Sample
221111-16t8faeh6y
-
MD5
449486f7ad495390d40866850ef107c0
-
SHA1
f2ed64627b9de4e2539d967d7df9ab3db3fe6342
-
SHA256
119ee01755a7d9ea1e4864fcdcacacd6b71847e61751c25e4abc04be6dd6a704
-
SHA512
f9dcbb27e34c9de91629df7ad5f82dbacea658f8cc7e7d27fa3b36bbd88d559851bf86d364a1d2ebd5e20f382908cd5b7aaa36a7de4da9b7d0fb37395caa4939
-
SSDEEP
12288:l1fScoCadDc4ptm9xk6AStnkeemEigJkqtKCyQz27QuuEXMjS1PQfLg:l1fSczadDc4pt2lEig6qtKCWs2
Static task
static1
Behavioral task
behavioral1
Sample
119ee01755a7d9ea1e4864fcdcacacd6b71847e61751c25e4abc04be6dd6a704.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
119ee01755a7d9ea1e4864fcdcacacd6b71847e61751c25e4abc04be6dd6a704.exe
Resource
win10-20220812-en
Malware Config
Extracted
raccoon
d8f44b07b06da3a90ad87ebc9249718c
http://79.137.205.87/
Targets
Downloads MZ/PE file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-