General
- Target: Setup.exe
- Size: 6.6MB
- Sample: 230221-dylvrsfc8s
- MD5: 1aa4f37c461ca22fa518c032e67739df
- SHA1: 892671ee0891a557f69d37a950e179fecb3c05ab
- SHA256: d034c82de08e2aabe9f27089610a46d42fa741cfcaedec06a016810c660b402c
- SHA512: fabecaaade6f73e2b5cf51f7f51044104f70da6f5f345dd225e72a2b2c5cb1649a7be9d642dee837638199eab9787bcbf1b6c271136f29b8a51820b4b1d3c560
- SSDEEP: 196608:wy0w8mRdALuABSnzSdUbiEQt9nSXMojADLgO+xKl:yEMudzHOEQt0jsgOaKl
Static task: static1
Behavioral task: behavioral1
- Sample: Setup.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Setup.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
raccoon
e8079d22e46847399691305c53f6386c
http://83.217.11.34
http://83.217.11.35
Targets
- Target: Setup.exe
- Size: 6.6MB
- MD5: 1aa4f37c461ca22fa518c032e67739df
- SHA1: 892671ee0891a557f69d37a950e179fecb3c05ab
- SHA256: d034c82de08e2aabe9f27089610a46d42fa741cfcaedec06a016810c660b402c
- SHA512: fabecaaade6f73e2b5cf51f7f51044104f70da6f5f345dd225e72a2b2c5cb1649a7be9d642dee837638199eab9787bcbf1b6c271136f29b8a51820b4b1d3c560
- SSDEEP: 196608:wy0w8mRdALuABSnzSdUbiEQt9nSXMojADLgO+xKl:yEMudzHOEQt0jsgOaKl
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger