General
-
Target
readerdc64_it_hi_mdr_install.exe
-
Size
1.2MB
-
Sample
230208-qyl7raae7z
-
MD5
8abb981279dad6371ad9526d9fcd5df8
-
SHA1
571d964f8d27859c0773c7747378b4c0139fffca
-
SHA256
04cb991f7c25f60abc3773ccdc93595c272f0471b04fabf574839ac023b66989
-
SHA512
d3ab76a2b35d92ce26b09d6f4f3579f3825ca1f21a71ab8ae24ad5b2266914489584c1d4af82996527757729cbdb7c6e2c1a63ad10b5bef3d3a6ae1731348817
-
SSDEEP
24576:pwMt9/dQCf51s2CF0ZwSr2bVwVuXE9WdHwTqC6po9kKSRnIN4Y:CMt9FQCz+EwSr2bQUdQB32INx
Static task
static1
Behavioral task
behavioral1
Sample
readerdc64_it_hi_mdr_install.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
readerdc64_it_hi_mdr_install.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
Targets
-
-
Target
readerdc64_it_hi_mdr_install.exe
-
Size
1.2MB
-
MD5
8abb981279dad6371ad9526d9fcd5df8
-
SHA1
571d964f8d27859c0773c7747378b4c0139fffca
-
SHA256
04cb991f7c25f60abc3773ccdc93595c272f0471b04fabf574839ac023b66989
-
SHA512
d3ab76a2b35d92ce26b09d6f4f3579f3825ca1f21a71ab8ae24ad5b2266914489584c1d4af82996527757729cbdb7c6e2c1a63ad10b5bef3d3a6ae1731348817
-
SSDEEP
24576:pwMt9/dQCf51s2CF0ZwSr2bVwVuXE9WdHwTqC6po9kKSRnIN4Y:CMt9FQCz+EwSr2bQUdQB32INx
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-