General
- Target: e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.zip
- Size: 6.4MB
- Sample: 221130-jvhxlabe57
- MD5: b424842beae9cadc0cb3e4990ef060b4
- SHA1: b6913ac02584fc45ee1e6a6bb2c66e1e610b1e47
- SHA256: f4fd0842db586c415fcb3e83a4b7168df03b851557873d2d18978ad57b257a1b
- SHA512: afe7186d6b06f0fe7fa320c91e2d5fb0a8c371298bcb61633c963d9067bc97134834c413de1607b61314d404047f38a070c5c9a524b970d1da8c97df7ad9837f
- SSDEEP: 98304:gfTxhb+qhRmj2H1elEtqVcCJg7+xyob71ihfJ/eYxyoY8zo2Z99pKamlAsWs+Y:cTxboaVoEtac4g7+ClxloIdNPY
Behavioral task: behavioral1
- Sample: e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.exe
- Resource: win7-20220812-en

Malware Config
Extracted: raccoon
- 417f00e313b534b6267434933616178b
- http://193.149.185.171
- http://193.149.180.60
- http://193.149.187.34
Targets
- Target: e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.exe
- Size: 6.7MB
- MD5: 7fdff809af7d3b25c76709165a78a89e
- SHA1: 6a62910a88111aad6a22924a8e1d1a35626f6bee
- SHA256: e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca
- SHA512: 925fbf207a628989230ccbdb16e41eb8a54c9df801e05f4a3ee71d8f66557e97fdef7453b89f50f73d8ef812edb7ff43178a367a4f1f67b901ef1972cb35f950
- SSDEEP: 98304:yQG23fmewHtW7ZgPsy8WtNyDqmNiRMkJlSqxegWtIoZv082OQvG5N8pbso2x+x:jaQy86+iRM8EIegG/ZvhWrgj6
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext