General

Target: File_For-PC_2023.exe
Size: 6.6MB
Sample: 230222-dlekxshf22
MD5: bd15403d5df88d8cc43bebb99c693081
SHA1: 2bb14961a9f0bd6e1290f6d40f82e52e0787b76f
SHA256: 443d8b32c93c9464b200823b5f7fc6378a26971383e2619c19a0d9dd6ba0b7ba
SHA512: 73e2935f3668e15342f3b68ac1fd2d1c78b24377a45f733194e6c1f85060da59358a32e5bd59accaf6fa20d95c61221fc20376efdedc4ec2798447103f9a500e
SSDEEP: 196608:cujVzKGt5ZBddwEOa3uqvqFME6d1aZEHQ0cYYBxEG:c2PRdBTdE6d1UEw0cHBK
Static task: static1

Malware Config

Extracted: raccoon
467a953db8cf896cec6946f6144f8158
http://5.75.182.199/
http://77.91.84.68/
http://80.85.241.20/
Targets

Target: File_For-PC_2023.exe
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext