General
Target: file.exe
Size: 141KB
Sample: 221115-rsz24aec68
MD5: 13fd3c9cd13274dc2c442e340ba6d42b
SHA1: 57f9dd829648ac3c123d3922231b343a27e03166
SHA256: 41686ad7861e37227ef1e467c075c844beee3e7c5fbdf9fbad39b9172f4a0c23
SHA512: fc8f2b13f618390d5176afc441f3ba2f1265f7706273507634fdc7c5b125f4f5d5fa2d3d6b41ac04c7c53fe36dda631214982b16836657e3605c8fbbbe69a682
SSDEEP: 3072:DpubsXR144r2Qey6tIxFFYNcTxnZ/2y9Ua:DW4b4QpKtIxFFpFncVa
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
raccoon
53508e7dc4e08bd33122d190a04a1200
http://45.15.156.105/
Targets
Target: file.exe
Downloads MZ/PE file
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext