General

Target: 4920bdeb33972d9f4ef1f4d598fb3bb7.exe
Size: 20.0MB
Sample: 230321-l3eagsbf5w
MD5: 4920bdeb33972d9f4ef1f4d598fb3bb7
SHA1: 043c5ee1e45accffa8d02c88fe65338c92606d74
SHA256: b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846
SHA512: 5b6b1f5912ef401b75dfb0a5cf9f1048a065bb44bc6c5c65e5de316250039ae61230015f6802f629d2e60409c818b3831b5013517449f8eff300bf0064b394d9
SSDEEP: 98304:3Vde8FivCeGDRsiSc/XBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0MbQt:HZFwAur6XBazEgRSSjS5aT1z+/D0yQt
Behavioral tasks

behavioral1
  Sample: 4920bdeb33972d9f4ef1f4d598fb3bb7.exe
  Resource: win7-20230220-en

behavioral2
  Sample: 4920bdeb33972d9f4ef1f4d598fb3bb7.exe
  Resource: win10v2004-20230221-en
Malware Config

Extracted: raccoon
Config ID: 540b1db0b12b23e63e6942952aa03e47
C2 URLs:
  http://45.9.74.36/
  http://45.9.74.34/
Targets

Target: 4920bdeb33972d9f4ef1f4d598fb3bb7.exe
Size: 20.0MB
MD5: 4920bdeb33972d9f4ef1f4d598fb3bb7
SHA1: 043c5ee1e45accffa8d02c88fe65338c92606d74
SHA256: b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846
SHA512: 5b6b1f5912ef401b75dfb0a5cf9f1048a065bb44bc6c5c65e5de316250039ae61230015f6802f629d2e60409c818b3831b5013517449f8eff300bf0064b394d9
SSDEEP: 98304:3Vde8FivCeGDRsiSc/XBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0MbQt:HZFwAur6XBazEgRSSjS5aT1z+/D0yQt
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.