General
Target: d1e2bc51e0ac5a930a2493a6d8ff33d329608283c5af41fc037169bc65ff4284
Size: 253KB
Sample: 221116-bmcfvagg23
MD5: 4df6d897da9e1f0c5f46e63cc80ff925
SHA1: 319b8ba52e1ec8e88891be42ba68a81b2ba35001
SHA256: d1e2bc51e0ac5a930a2493a6d8ff33d329608283c5af41fc037169bc65ff4284
SHA512: 36c8fc610864fd627110928fba31a03a20edb751da54201c0d264cc35a23312d0c35f0b401151aadd0971a0e300ec44d8c9bce9098437afb0d135bbcf39a897c
SSDEEP: 3072:6aKOu5Fd0BaewvGwDYjwoHwCmttJFH5+5V2JkuTPdYlvdkfT/yrkHD:0XIFwvDDmfHw5BE32J4tdkfTG
Static task: static1
Behavioral task: behavioral1
Sample: d1e2bc51e0ac5a930a2493a6d8ff33d329608283c5af41fc037169bc65ff4284.exe
Resource: win10-20220812-en
Malware Config
Extracted: raccoon
dbffbdbc9786a5c270e6dd2d647e18ea
http://79.137.205.87/
Targets
Target: d1e2bc51e0ac5a930a2493a6d8ff33d329608283c5af41fc037169bc65ff4284 (hashes and size as listed under General above)

Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext