General

Target: Adobe_Photoshop_2022.rar
Size: 1.8MB
Sample: 221216-1mw8paae9x
MD5: d667c0f13d5f8473209308352cb69a29
SHA1: eff868d43b7a08bd138fbc6cf3300845695368bc
SHA256: 1fd5c566aa8a625297a5910399f4e3700b5e3698f569a446a42a3e9b022640cf
SHA512: 88d95a6c2f52e7df3b12d07f9c3ac74ae420ae715992341662e57f7d1404cff2a5d036f01bd2be14b5e5b9d710be8893fa9c7e06027846e6b4671901652b2e4f
SSDEEP: 49152:OHz8CCr2sSKeKBAa0pTaZlidQFUizYNqo/QbXXHutkn+:mICVZXKBAa0laZlidQk2bHO2n+
Static task: static1

Behavioral task: behavioral1
  Sample: Adobe_Photoshop_2022/photoshop.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: Adobe_Photoshop_2022/photoshop.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: raccoon
  3c35ec73bceaa673478a25f7581e1002
  C2: http://37.220.87.34/
Targets

Target: Adobe_Photoshop_2022/photoshop.exe
Size: 825.7MB
MD5: 6a984a409107f009ea8cb6f47b804e90
SHA1: 0a39061d262e9ce7ad2e5abb5b0092c7af1ede67
SHA256: 1215867d3c24aaef5ebeeb0fa588e71de6e305c94a71975266e501230098e447
SHA512: 2938a45debc62693f5c56b18ca182c8d4cde9a2e38474dbf3c537ad8000c86d10d6c729c2f6a36b46ade4643272da46daf401bd3467f63c14bd1f2fc3cdf85cb
SSDEEP: 12288:SIZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZBxnsGu42O4XQzw/t+DrX:SAxsGLPEMwF+

Note: the 1.8MB archive expands to an 825.7MB executable, a compression ratio of roughly 450:1, and the executable's SSDEEP signature is dominated by a long run of one repeated character, which means long stretches of identical data. Both are consistent with the binary having been padded to inflate its size, a common trick for pushing a sample past the upload limits of sandboxes and scanners. Strip the padding before hashing or resubmitting, otherwise full-file hashes will not match other copies of the same payload carrying a different amount of padding.
- Downloads MZ/PE file
  Retrieves a file with an MZ/PE header (a Windows executable or DLL) over the network during the run.
- Loads dropped DLL
  Loads a DLL that was written to disk during execution rather than one present on the system beforehand.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Reads files belonging to cryptocurrency wallet applications, consistent with the stealer functionality of the extracted raccoon configuration.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is a common step in process injection (for example process hollowing), where a suspended process's thread is redirected to attacker-controlled code.
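As an added example (not code from the report, the sandbox, or the sample's authors), the following Python script quantifies the kind of size inflation seen above: it measures the homogeneous byte run at the end of a file, strips it, and hashes the remaining core so that differently padded copies of one payload can be correlated. It also computes the archive-to-extracted ratio using the report's own 1.8MB and 825.7MB figures. The 1 MiB threshold, the function names, and the sample built by `build_sample()` are assumptions of this example; the sample is a constructed stand-in, not bytes from the real photoshop.exe.

```python
"""Detect and strip single-byte padding used to inflate a sample.

Added example, not part of the sandbox report or the analysed sample.
The stand-in file built below is constructed for illustration only.
"""
import hashlib

# Minimum trailing run (bytes) before the file is called padded.
# 1 MiB is an assumption; tune it for the corpus you handle.
MIN_PAD_RUN = 1 << 20


def trailing_run(data: bytes) -> tuple[int, int]:
    """Return (byte value, run length) of the homogeneous run ending the file.

    A run of 1 just means the last two bytes differ, i.e. no padding.
    """
    if not data:
        return (-1, 0)
    last = data[-1]
    core = data.rstrip(bytes([last]))  # strips only that one repeated byte
    return (last, len(data) - len(core))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inflation_report(data: bytes, min_run: int = MIN_PAD_RUN) -> dict:
    """Describe padding at the end of data and hash the un-padded core.

    The core hash is the value to pivot on: every victim may receive the
    same core with a tail of a different length, so full-file hashes diverge.
    """
    pad_byte, run = trailing_run(data)
    padded = run >= min_run
    core = data[: len(data) - run] if padded else data
    return {
        "is_pe": data[:2] == b"MZ",
        "size": len(data),
        "padded": padded,
        "pad_byte": pad_byte if padded else None,
        "pad_len": run if padded else 0,
        "core_size": len(core),
        "sha256_full": sha256_hex(data),
        "sha256_core": sha256_hex(core),
    }


def compression_ratio(archive_mb: float, extracted_mb: float) -> float:
    """Extracted-to-archive size ratio.

    A ratio in the hundreds, as with the 1.8MB archive and the 825.7MB
    executable in the report, is a strong hint of padding.
    """
    if archive_mb <= 0:
        raise ValueError("archive size must be positive")
    return extracted_mb / archive_mb


def build_sample() -> bytes:
    """Constructed stand-in: an 'MZ' header, 16 KiB of varied bytes, then
    3 MiB of NUL padding.  Not derived from the real photoshop.exe."""
    body = b"MZ" + bytes(range(256)) * 64
    return body + b"\x00" * (3 << 20)


if __name__ == "__main__":
    sample = build_sample()
    for key, value in inflation_report(sample).items():
        print(f"{key:12} {value}")
    print(f"archive ratio: {compression_ratio(1.8, 825.7):.0f}:1")
```

The single-byte check catches the cheapest and most common inflators (NUL or 0xFF tails). Padding made of random bytes or a repeated multi-byte pattern will not show up as a homogeneous run; for those, compare the file size with the end of the last section recorded in the PE section table and treat a large overlay as the padding to strip.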