General
- Target: f_008a99.zip
- Size: 4.4MB
- Sample: 230306-hhkd8aba48
- MD5: 01d8c9dd1635bf64544f9f9039caffbf
- SHA1: 7e361c8ca446b97e099c94bf4e5493b29d6212dd
- SHA256: 514ea43b3a33bed2f3fe7264752a869df138f4da3568668392311759f7b073a9
- SHA512: e9400f215ed449d80e11c30277bc34b98170220b9f6a69c07a0345bd48b964cf9aa8971092539a8b79f5a86332096cfac021b0c1ea6ae1c4668a478ea50e3137
- SSDEEP: 98304:mY4pZXC8ivkcYDrHjecr+HZrVnL8g1BxhAZdimx+JQavG:mY4pZab2rDTr+HZrVnQg1LhATi0+JQT
Behavioral task
behavioral1
- Sample: Setup.exe
- Resource: win7-20230220-en
Malware Config
Extracted
raccoon
d4074b8c479181b90e810443a9405f3c
http://37.220.87.44/
http://94.131.3.70/
http://83.217.11.11/
http://83.217.11.13/
http://83.217.11.14/
Targets
- Target: Setup.exe
- Size: 465.5MB
- MD5: ba1f367857d1efa868bb71681e1e1420
- SHA1: 0d7917e7808a365ec09c6a848f6d20266114a662
- SHA256: bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
- SHA512: dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
- SSDEEP: 49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext