General
Target: setupsoftapp19.0.exe
Size: 263KB
Sample: 230127-t7nnqacb58
MD5: 3011c7dd93d6688a69a90453b86490e3
SHA1: e3cfeff2fc04b9e56c5c5e9d1b58f5950c77cff4
SHA256: 6b53c80b5310841f6650a57f4c19a66feb461814c1b832173919bc9bfdcd2651
SHA512: 329f0daaab2d48f55b2a86567c941d0a9f1d8db593f63c427efacab448f692cb3b2b5b8556c35182eb4a7d54b76d7338c2f1a1e0a1d9a9c282d1e0e90e47ebd7
SSDEEP: 6144:AWM2eqdZEINj4QxcpwtuL5SGDL6cS/34Zl:/MqhiSc4GDW93

Tasks
Static task: static1
Behavioral task: behavioral1 (sample setupsoftapp19.0.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample setupsoftapp19.0.exe, resource win10v2004-20220901-en)

Malware Config
Extracted: raccoon
3f4a8564e5026a245d6974b020b3f6de
http://45.15.156.225/
Targets
Target: setupsoftapp19.0.exe
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext