General
Target: Passwords_123_Full_Setup.rar
Size: 3.3MB
Sample: 230113-ps7qtsce8z
MD5: 772cb08e8274d364f02158ca4ddb5f4c
SHA1: a05f87d9e4eee278a72068f6922769e8784de770
SHA256: a05fbd23a3dc9003b355d8ac63957b33b1f34488c183264378d0a2511231d03b
SHA512: c33435aa1d57c13c828daeb19030d806f93545b329e8ece6cf549e906e883db6c3f8cc329fdf0d4b0c62d0cabfd986144de25b79746412eae86ac5367849d6f5
SSDEEP: 98304:dB75OFS/SKv6WNTxuOkQ4fo0C/pEO/6QRhgI:dOS/SKyWyOgg0UJ/6QXb
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Setup.exe
Resource: win10-20220812-en
Behavioral task: behavioral3
Sample: Setup.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
raccoon
Extracted
raccoon
8eb14caca01131f5f4ff62ef8a0fcab4
http://77.75.230.25/
http://146.19.170.157/
Targets
Target: Setup.exe
Size: 468.7MB
MD5: 1ccbff5b7f0e9240288dc304b408683d
SHA1: 6816a17240dfb5401e745aab50a70706a3573957
SHA256: 57bd3423392a4825cc466ed4051789f5b99f5acfe222cefa348714d8b99dff0c
SHA512: ee2d3fa8e4e67eed670a3b0946471d8bb0857449f69c3198e9d5f0c8646503eef82d679d3dfee846fd34fd8434d4314735d90fe934d208c6bf56182db13d07f6
SSDEEP: 49152:Un62QFJfD4IYSthbGa+YgOAv29U+IJ0pJTyn7TkXnE4F8:UhQF2Lghyru9a4Zy7TDy8

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger