General

Target: b2ea787779b3a69119917db1862fdd50.exe
Size: 2.1MB
Sample: 230201-e7874abh55
MD5: b2ea787779b3a69119917db1862fdd50
SHA1: 13cfa137064233181d1715cb631185aef1414520
SHA256: c7ebf50e12215ee97c015ce0f96f656d1274f07c36b672219f9d18bde8072362
SHA512: 8f06fed0dc346a4becc7904dc484390c887d3a343d0919dbad616ae42413ba23744015218c1d1bc3050117d1137d6f8e3f527dbaaf2008f15bfcd844b3da4e55
SSDEEP: 24576:VJYp7t2/0TXJCg8/IN1b4F7cBzwq3EXR3xympR3JA6yaRGTWA4qAfCpm6neAnb0c:VJYeicg8/INu6lvA/aT1
Static task: static1
Behavioral task: behavioral1
Sample: b2ea787779b3a69119917db1862fdd50.exe
Resource: win7-20221111-en
Malware Config

Extracted
Family: raccoon
fa82e734b53e841c19108ad18b73cc3a
C2: http://95.179.182.231/
Targets

Target: b2ea787779b3a69119917db1862fdd50.exe
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext