General
Target: setupsoftapp19.0.zip
Size: 2.8MB
Sample: 230127-tvsf5sde4s
MD5: cdbdd350932443f101f91741a92ffe07
SHA1: ca5139f857e68505c11e495a250f309a87844890
SHA256: 188314f98001d8dab68065dbd36ac6fb16f1f1869a7b2eed38572f2c8e21aaf6
SHA512: 2942f81f43cb3de047a0f5cfabbb444a796ef3fa5e8f4345e911d6730741ffc1628a5250dad38dc87a7fc6d103dc71ec7f7b2c6f31eec1ad2ac8a933cff7197b
SSDEEP: 49152:SqQQQUfpL0cBuZa3Vu49nWrrn+hW9vlusDFX0+56Q6P+HdttHy:bQShL0WcB49nWrrN9YoFk+56n2HdHS
Static task: static1
Behavioral task: behavioral1
  Sample: setupsoftapp19.0/setupsoftapp19.0.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: setupsoftapp19.0/setupsoftapp19.0.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: raccoon
3f4a8564e5026a245d6974b020b3f6de
http://45.15.156.225/
Targets
Target: setupsoftapp19.0/setupsoftapp19.0.exe
Size: 662.6MB
MD5: 7e3b388e559cd52d89365b77809df136
SHA1: e8dfcabcc2dfa7d803065d19b1922e08285bba93
SHA256: 1c45a3aadd842b6c8c1e2920a270cc0a23493cee81d1d1833e4471a1c72973a5
SHA512: cebddf2f8b202f5e045bbaa74a3c3527f5fe8ee6352780217fd8413cb173d6ae164a76beeabd4a9da8633e51852528b70478ff4dacf2db588f9e869e54c1ec15
SSDEEP: 12288:/MqhiSc4GDW93i1m3ZarAxxHuAK9MYCDAOmCLwY7NZ/zj6hmS6H1tp6S979ESZGt:Hzcow15KyA751q
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext