General
-
Target
AppSetup.rar
-
Size
12.7MB
-
Sample
230322-fvd2vsfa37
-
MD5
a75e3f1a86813e8eebfb796364a12736
-
SHA1
a3fcb6e87b800e24289cb191b76408601420a1b0
-
SHA256
0379ee5acb117a629b1b0483986578dea456c2cc58b053a2a4a1f6666853908b
-
SHA512
ae11662095c1cfd57d3e7d158e12c82df5e1888ae7e10adb2e0fffc57068ebb96c73b72ed1d3a761cdb2a399a723dc330a009e7f7a008bbc3592aea7af08f7aa
-
SSDEEP
393216:37KFw6C9LOJqDivQBR8zbqRdvh1ya+XcrDRENY:swp9LOJU7R6qRdJF+XARmY
Static task
static1
Behavioral task
behavioral1
Sample
AppSetup/Setup.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
AppSetup/Setup.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
raccoon
717609e6131226f92ce8ce08c34305be
http://45.9.74.170
http://77.73.134.43
Targets
-
-
Target
AppSetup/Setup.exe
-
Size
733.1MB
-
MD5
d5bb80569e355d6e65de761d46b39da0
-
SHA1
8731c0883164cc951e3e80be5c64ef09400324a7
-
SHA256
213ec8ae881fbf7821c8e6574f37452bc6bb92f93ac634aa43adb5300138e614
-
SHA512
1b3593c746b79a056c15b7fe8c91c2f38685bb32eb924e34d94ba64c42cf41014ba52f2ef2bc8140837fb05f2fa04ffce92ca694c72faf9461cab88fbf805d9d
-
SSDEEP
393216:fCnzmUSYCLfqwNh5kbGUf/t1ow5QnBE6Ye:fJUSrLS8hObGUdf50a7e
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-