General
Target: 03f877143660b9aeb7e7c9914a1efeaedd081e8d8d9cdfeee237c96590e98003
Size: 252KB
Sample: 221115-v3d46aah2w
MD5: df33b0d67d342bda0f8bd309924d36ff
SHA1: 931f3eff9541728edd27fc8a3e5385b147edd2f5
SHA256: 03f877143660b9aeb7e7c9914a1efeaedd081e8d8d9cdfeee237c96590e98003
SHA512: 54b5b94e690afc3b9a8f2ab9db0a2404e3c72cbfecf4dfccfac040a36f3288b332273077c624db24dfcbb11e455675873f81176850eaa9122de6edc9910b17ef
SSDEEP: 3072:2KYoDXX5nm8PGD35Z20OY/PKhNPkQbHl9LADsETJctI6rLpsNJPdYlvqx48UrkHD:Q65mtDp5dnqPvbH/EgdI6rVtK480
Static task: static1
Behavioral task: behavioral1
Sample: 03f877143660b9aeb7e7c9914a1efeaedd081e8d8d9cdfeee237c96590e98003.exe
Resource: win10-20220901-en
Malware Config
Extracted: raccoon
dbffbdbc9786a5c270e6dd2d647e18ea
http://79.137.205.87/
Targets
Target: 03f877143660b9aeb7e7c9914a1efeaedd081e8d8d9cdfeee237c96590e98003
Size: 252KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General.
Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext
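The config extractor tags the family as raccoon while one signature matched Amadey's credential-stealer module; together with "Downloads MZ/PE file" and "Executes dropped EXE", that points to a multi-stage run, so a hunt should key on the concrete indicators rather than on the family name. The script below is an added example, not part of the sandbox report or of any tool the report was produced with: it takes the hashes, the ssdeep signature and the URL from the extracted config, verifies a file on disk against the reported hashes, and scans Sysmon-style ProcessCreate/NetworkConnect events for the sample hash and for connections to the config host. It assumes the URL in the raccoon config is the C2 endpoint; the events in SAMPLE_EVENTS and the process names in them are constructed for illustration and were not observed in the sandbox run.

```python
#!/usr/bin/env python3
"""Added example (not part of the sandbox report): turn the report's indicators
into two checks a responder runs next.

  1. verify_file_hashes: confirm a file on disk really is the reported sample
     before handling it further, using the MD5/SHA1/SHA256/SHA512 above.
  2. hunt_logs: scan Sysmon-style events for the reported hashes (EventID 1,
     ProcessCreate) and for connections to the host in the extracted config
     (EventID 3, NetworkConnect).

Assumptions: the URL in the raccoon config is treated as the C2 endpoint, and
the events in SAMPLE_EVENTS are constructed for illustration, not taken from
the sandbox run.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report.
REPORT = {
    "md5": "df33b0d67d342bda0f8bd309924d36ff",
    "sha1": "931f3eff9541728edd27fc8a3e5385b147edd2f5",
    "sha256": "03f877143660b9aeb7e7c9914a1efeaedd081e8d8d9cdfeee237c96590e98003",
    "sha512": "54b5b94e690afc3b9a8f2ab9db0a2404e3c72cbfecf4dfccfac040a36f3288b3"
              "32273077c624db24dfcbb11e455675873f81176850eaa9122de6edc9910b17ef",
    "ssdeep": "3072:2KYoDXX5nm8PGD35Z20OY/PKhNPkQbHl9LADsETJctI6rLpsNJPdYlvqx48UrkHD:"
              "Q65mtDp5dnqPvbH/EgdI6rVtK480",
    "c2_url": "http://79.137.205.87/",   # assumption: config URL == C2 endpoint
}
C2_HOST = urlsplit(REPORT["c2_url"]).hostname   # "79.137.205.87"

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def parse_ssdeep(sig: str):
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts.
    The leading integer is the block size the two fuzzy chunks were computed
    with; signatures whose block sizes differ by more than a factor of two
    are not comparable, so check it before scoring anything."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    return int(blocksize), chunk, double_chunk


def compute_hashes(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def verify_file_hashes(data: bytes, expected: dict = REPORT) -> dict:
    """Return {algo: matched?} for each algorithm present in `expected`.
    A single mismatch means this is not the reported file (or a hash was
    transcribed wrongly); all four matching is conclusive."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == expected[algo].lower()
            for algo in HASH_ALGOS if algo in expected}


def parse_hashes_field(field: str) -> dict:
    """Sysmon writes Hashes as 'MD5=...,SHA256=...' in upper-case hex;
    return a lower-cased {algo: hex} mapping for comparison."""
    out = {}
    for kv in field.split(","):
        if "=" in kv:
            algo, value = kv.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def hunt_logs(events, iocs: dict = REPORT):
    """Walk events in chronological order and return a list of hits.
    ProcessCreate events whose image hash matches the sample are remembered
    by ProcessGuid so a later NetworkConnect to the C2 host from that same
    process is reported with higher confidence."""
    hits, matched_guids = [], set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            seen = parse_hashes_field(ev.get("Hashes", ""))
            for algo in ("sha256", "sha1", "md5"):   # strongest hash first
                if seen.get(algo) == iocs[algo]:
                    matched_guids.add(ev.get("ProcessGuid"))
                    hits.append({"event": ev, "reason": f"{algo} matches reported sample"})
                    break
        elif eid == 3 and ev.get("DestinationIp") == C2_HOST:
            reason = "connection to extracted C2 host"
            if ev.get("ProcessGuid") in matched_guids:
                reason += " from the matched sample process"
            hits.append({"event": ev, "reason": reason})
    return hits


# Constructed Sysmon-style events (illustration only, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{guid-1}", "Image": r"C:\Users\u\Downloads\invoice.exe",
     "Hashes": "MD5=%s,SHA256=%s" % (REPORT["md5"].upper(), REPORT["sha256"].upper())},
    {"EventID": 3, "ProcessGuid": "{guid-1}", "DestinationIp": "79.137.205.87",
     "DestinationPort": 80},
    {"EventID": 1, "ProcessGuid": "{guid-2}", "Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "SHA256=" + "00" * 32},
    {"EventID": 3, "ProcessGuid": "{guid-2}", "DestinationIp": "10.0.0.53",
     "DestinationPort": 53},
]

if __name__ == "__main__":
    print("ssdeep block size:", parse_ssdeep(REPORT["ssdeep"])[0])
    print("hash check on wrong bytes:", verify_file_hashes(b"not the sample"))
    for hit in hunt_logs(SAMPLE_EVENTS):
        print(hit["reason"], "->", hit["event"].get("Image") or hit["event"].get("DestinationIp"))
```

Run against real telemetry, feed `hunt_logs` the Sysmon events in time order (a match on EventID 1 must precede the EventID 3 it is correlated with) and treat a hash hit as conclusive on its own; a connection to the host without a matching process is still worth triage because the host may be reused by other payloads from the same chain.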