General
Target: file.exe
Size: 272KB
Sample: 221128-sy682ade49
MD5: 1b41c5a775c3b68a574a1ee62a030482
SHA1: c4286a02cef642ae98a2ec9de11fcc442264b644
SHA256: ae92d476788fccd569d64f051717bc7632abea99bb229bc11daa41543847ff92
SHA512: 16fb5021f4aa135200bb278866ec4c557f2e79b59cff975aa8db7fa8b1ee6cde6e24a366a6741514a44b3aed208ccf52137a1c65dd3c7186397e0df10657930a
SSDEEP: 6144:A+fWFvImGHdeao7p1t+nHduVFvg4/FQF:AjFvIfIao7Tt3DgSm
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
raccoon
ac3d98d56818de8ac1c6d9d84122c3d5
http://65.108.248.168
Targets
Target: file.exe
Detects Smokeloader packer
Downloads MZ/PE file
Executes dropped EXE
Uses the VBS compiler for execution
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext