General
Target: dd65171f49f16928478b571996b99a33.bin
Size: 3.4MB
Sample: 230224-cgawhahh69
MD5: d3f5b833dc559d401e2ed1987c0ca29c
SHA1: 46f3a08ded77550b968f586f567d1597dc21388f
SHA256: 28b9977b341a7a9f4984a63e364035b6e40fd8efbf7b8f471cb8720b0dba20dc
SHA512: efeb17f8e93eefeb8da8bf4fa0806ea97146a060f99e53d57ca66db31d4effb47cae8bb0e805401a9ad8c5aa844895aea9042eb15bbf2db8e43f3d29fd335ca5
SSDEEP: 98304:9PizunWSiJm2TMaok/3lffmT7mxTSBIfVU/XIERT:Z06WI2Qaoc3smxOEVGXIEl
Behavioral task: behavioral1
Sample: 5ef1589d1a0c75747a2f7c193956fb7588f456a60fef3f903b12d84989e4e89a.exe
Resource: win7-20230220-en

Malware Config
Extracted:
raccoon
960d8047e2829c4b87de991d706e2490
http://94.142.138.37/
Targets
Target: 5ef1589d1a0c75747a2f7c193956fb7588f456a60fef3f903b12d84989e4e89a.exe
Size: 3.6MB
MD5: dd65171f49f16928478b571996b99a33
SHA1: 79fe9466c919cc8a0dbf88cd56a275b7276c45d1
SHA256: 5ef1589d1a0c75747a2f7c193956fb7588f456a60fef3f903b12d84989e4e89a
SHA512: 49f54e2b8110d15dce742032c2e0fc63b308b2f465159c117254ed152468fe78e9fff6f4c805936900fb527942171ebc210b95b49f9d7b4c39e5d44127c97285
SSDEEP: 49152:+SNKBJ20GZsIuAoAEm/It5HhYyXeBwlBKw3kPXvyNiqBFpI5+wXmAE7/FRLyBhcD:hN620Rv1rrYyXeiKYk6Lus7zysp
Signatures
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.