General
Target: d9f20aa6c9f471e5284333e39d28aa8d.exe
Size: 370KB
Sample: 221111-yvdp7sea7w
MD5: d9f20aa6c9f471e5284333e39d28aa8d
SHA1: 4beaf2dcbc76f64a3a256cf338bc3c82b7e46cf7
SHA256: a9e3f68e1fe6f780b93cc70bc2597bf226539bc931821e398c7a91908128c989
SHA512: 96df79853ee0f798d2d4fc36d7318bdf23e20bc89bea007f0e6f58f905fd13ff9f0b9bd87432d54dd6c3958ca957f81d105290fa2a49f9a9a8d3cf07b19c3be5
SSDEEP: 6144:RoywH9S83VABiuy2EibE1nRq+HrE/7LHZ6zAIr5yq5uVCJ4wVChj/2E:iH9S83VABiuy2EiA1nRq+HrE/7W5uVCI
Static task: static1
Behavioral task: behavioral1 (Sample: d9f20aa6c9f471e5284333e39d28aa8d.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: d9f20aa6c9f471e5284333e39d28aa8d.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: raccoon
d8f44b07b06da3a90ad87ebc9249718c
http://79.137.205.87/
Targets
Target: d9f20aa6c9f471e5284333e39d28aa8d.exe
Size: 370KB
Signatures:
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
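The following helper is an added example, not part of the sandbox report or of any Triage tooling. It takes the file hashes from the General section and the URL from the extracted raccoon config and uses them two ways: hashing local files for an exact match against the sample, and scanning web-proxy logs for connections to the config's host. The proxy log lines are constructed for illustration (Squid native access.log layout is assumed); the function and variable names are this example's own.

```python
"""Hunt for the indicators in this report: file hashes and the configured URL's host."""
import hashlib
import re
import sys
from urllib.parse import urlparse

# Hashes copied from the report's General section (hex, lower-case).
IOC_HASHES = {
    "md5": "d9f20aa6c9f471e5284333e39d28aa8d",
    "sha1": "4beaf2dcbc76f64a3a256cf338bc3c82b7e46cf7",
    "sha256": "a9e3f68e1fe6f780b93cc70bc2597bf226539bc931821e398c7a91908128c989",
    "sha512": "96df79853ee0f798d2d4fc36d7318bdf23e20bc89bea007f0e6f58f905fd13ff"
              "9f0b9bd87432d54dd6c3958ca957f81d105290fa2a49f9a9a8d3cf07b19c3be5",
}
# URL from the extracted raccoon config; match on the parsed host, not on a substring.
IOC_URLS = ["http://79.137.205.87/"]
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}


def digests_of_bytes(data: bytes) -> dict:
    """Compute every digest listed in IOC_HASHES for an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (large files, one read pass)."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return {algo for algo, value in digests.items()
            if IOC_HASHES.get(algo) == value.lower()}


# Constructed Squid-style access.log lines (assumed layout):
# timestamp elapsed client action/code bytes method url ident hierarchy/peer type
SAMPLE_PROXY_LOG = """\
1668160001.123    45 10.0.0.12 TCP_MISS/200 1532 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1668160002.456   120 10.0.0.12 TCP_MISS/200 9821 POST http://79.137.205.87/ - HIER_DIRECT/79.137.205.87 text/html
1668160003.789    33 10.0.0.15 TCP_MISS/404 412 GET http://79.137.205.87:8080/cfg - HIER_DIRECT/79.137.205.87 text/plain
1668160004.000    10 10.0.0.20 TCP_MISS/200 200 GET http://179.137.205.87/ - HIER_DIRECT/179.137.205.87 text/html
"""

SQUID_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def find_c2_hits(log_text: str) -> list:
    """Return one record per log line whose URL host is an indicator host.

    Parsing the URL means a different port (line 3) still matches while a
    near-miss address such as 179.137.205.87 (line 4) does not.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = SQUID_RE.match(line)
        if not m:
            continue
        host = urlparse(m.group("url")).hostname
        if host in IOC_HOSTS:
            hits.append({"line": lineno, "client": m.group("client"),
                         "method": m.group("method"), "url": m.group("url")})
    return hits


if __name__ == "__main__":
    # Usage: python hunt.py FILE [FILE ...]  (hashes each file against the report)
    for path in sys.argv[1:]:
        print(path, sorted(match_hashes(hash_file(path))) or "no match")
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("proxy hit:", hit)
```

The hash match is exact by design: it confirms this specific build only, so a repacked or re-keyed Raccoon binary will not match and the behavioral signatures above are the more durable hunting leads. The host match is deliberately on the parsed hostname rather than a string search so that alternate ports are caught and longer addresses containing the same digits are not.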