General

Target: 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
Size: 976KB
Sample: 221114-fmznlaeh75
MD5: ac039cca27fd7d9b40dea205b4527a79
SHA1: d36779a4613a108ffa5bc1e1e0fa80ba4b6f9130
SHA256: 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
SHA512: 6f8cf94d4df8b15300444622dea0537270062e3d64ee505b3ea4e51b492c9610495c0bf3ae9ece5d0b300265cc81123f4750c4ee98e55b5db38618857f3cb6de
SSDEEP: 1536:hWoMfU1jzwxqdGqIOg1QNGia+df3WqRpngsW2pxPeM+Xtveu2mik2qR+:aU14qdSC3Td3WCng3OP+X12mZ2q
Static task: static1

Behavioral task: behavioral1
Sample: 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788.exe
Resource: win10-20220812-en
Malware Config

Extracted
Family: raccoon
Identifier (as extracted): dbffbdbc9786a5c270e6dd2d647e18ea
C2 URL: http://79.137.205.87/

Raccoon is an information stealer; the C2 URL above is the network indicator for this sample and the hashes in the General section are its file indicators.
Targets

Target: 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
Size: 976KB
Behavioural signatures observed for this target:

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of SetThreadContext: changing another thread's context is the usual way to redirect execution into a payload written into a suspended process, as in process hollowing, so this signature together with the downloaded PE and dropped DLL points to a second stage being injected rather than run directly.
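The report's hashes and the extracted C2 URL are only useful once they are checked against your own files and logs. The following IOC matcher is an added example, not Triage output or code from this report: it recomputes the four cryptographic digests listed in the General section, compares them with the report's values, and looks for the C2 host from the Malware Config section in proxy-style log lines. The `SAMPLE_LOG` lines and the log format are constructed for illustration and do not come from the report.

```python
# Added example: an IOC matcher built from the values in the sandbox report
# above. This is not Triage output or code from the report; file paths, the
# SAMPLE_LOG lines and the log format are constructed for illustration.
import hashlib
import re
from pathlib import Path
from urllib.parse import urlparse

# Hash IOCs copied from the report's General section.
REPORT_HASHES = {
    "md5": "ac039cca27fd7d9b40dea205b4527a79",
    "sha1": "d36779a4613a108ffa5bc1e1e0fa80ba4b6f9130",
    "sha256": "8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788",
    "sha512": (
        "6f8cf94d4df8b15300444622dea0537270062e3d64ee505b3ea4e51b492c9610"
        "495c0bf3ae9ece5d0b300265cc81123f4750c4ee98e55b5db38618857f3cb6de"
    ),
}
# C2 URL from the report's extracted Raccoon config.
REPORT_C2 = "http://79.137.205.87/"


def hash_bytes(data: bytes) -> dict[str, str]:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file through all four hashers so large samples need little memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with path.open("rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict[str, str], known: dict[str, str] = REPORT_HASHES) -> list[str]:
    """Names of the algorithms whose digest equals the report's value (case-insensitive)."""
    return [name for name, value in known.items() if digests.get(name, "").lower() == value.lower()]


def c2_host(url: str = REPORT_C2) -> str:
    """Host part of the C2 URL; the host, not the full URL, is what flow/proxy logs record."""
    host = urlparse(url).hostname
    if host is None:
        raise ValueError(f"no host in {url!r}")
    return host


def scan_log(lines, url: str = REPORT_C2) -> list[int]:
    """Indices of log lines that reference the C2 host as a distinct token.

    The lookarounds stop near-misses such as 179.137.205.87 or 79.137.205.87.1
    from matching, which a plain substring search would accept.
    """
    pattern = re.compile(rf"(?<![\w.]){re.escape(c2_host(url))}(?![\w.])")
    return [i for i, line in enumerate(lines) if pattern.search(line)]


# Constructed proxy-style log lines (not from the report) to exercise scan_log.
SAMPLE_LOG = [
    "2022-11-14T10:01:02Z WS-017 10.0.0.17:49812 -> 79.137.205.87:80 GET / HTTP/1.1",
    "2022-11-14T10:01:05Z WS-017 10.0.0.17:49813 -> 142.250.74.78:443 CONNECT",
    "2022-11-14T10:02:11Z WS-022 10.0.0.22:51000 -> 179.137.205.87:80 GET /update",
    "2022-11-14T10:03:40Z WS-017 10.0.0.17:49900 -> 79.137.205.87:80 POST / HTTP/1.1",
]


if __name__ == "__main__":
    import sys

    # Usage: python ioc_match.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        hits = match_hashes(hash_file(Path(arg)))
        print(arg, "matches report sample on " + ", ".join(hits) if hits else "no hash match")
    print("C2 hits in SAMPLE_LOG (line indices):", scan_log(SAMPLE_LOG))
```

A hash match identifies this exact build only; a repacked or recompiled Raccoon sample will have different MD5/SHA digests, which is what the report's SSDEEP value is for (fuzzy similarity, not computed here). The C2 match is deliberately token-based so that 179.137.205.87 in the third constructed line is not reported as a hit.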