General
Target: Quarantined Messages.zip
Size: 4.4MB
Sample: 230322-sx4frahf35
MD5: c25d064157577e2a6c71f67a4a05ede5
SHA1: 3ba690daa85efe6cab388560929ade80892632a4
SHA256: f6a2c9e86c86a6c83a62ce03088040d6462648413ba0d0cdb12a1cbb9a7184d5
SHA512: 8d8d31462725c1b77b46bccaa75468c83c2f6b43b0cc19d20a61f5899811233d52b93b8bb428fa3c3e76792c9cdcc464c53c33e6fca4803c5409aafec4b76e25
SSDEEP: 98304:LMRKsRS0MKJM3voG90G/Yr9F46bbjk8WjghhDHPe7tYLCx80w0geI6xf:LORS4svr1gYgjWkxHmWLCIMN
Behavioral task
Task: behavioral1
Sample: Setup.exe
Resource: win7-20230220-en

Malware Config
Extracted family: raccoon
Config value (its field label was not preserved on this page): d4074b8c479181b90e810443a9405f3c
C2 URLs (plain HTTP to bare IP addresses, so match on destination IP rather than hostname):
http://37.220.87.44/
http://94.131.3.70/
http://83.217.11.11/
http://83.217.11.13/
http://83.217.11.14/
Targets
Target: Setup.exe
Size: 465.5MB
MD5: ba1f367857d1efa868bb71681e1e1420
SHA1: 0d7917e7808a365ec09c6a848f6d20266114a662
SHA256: bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
SHA512: dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
SSDEEP: 49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM
Note: Setup.exe is 465.5MB, yet the archive that contains it (Quarantined Messages.zip) is 4.4MB, a compression ratio of roughly 100:1. A PE that deflates that well is mostly low-entropy padding. Inflating a dropper past the file-size limit of antivirus and sandbox scanners is a known evasion, so the file should be checked for a large overlay or a long run of repeated bytes rather than dismissed as too big to analyse.
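As an added check (not part of the sandbox report), the following Python computes the same four hashes the report lists and a padding profile for a file: how far it shrinks under deflate and how long the run of one repeated byte at its tail is. Because the real Setup.exe is not on this page, it runs on a constructed stand-in (64 KiB of pseudo-random bytes followed by 8 MiB of zeros) and on a control with no padding; the thresholds in looks_inflated are my assumptions, not values from the report.

```python
import hashlib
import random
import zlib

# Constructed stand-in for an inflated dropper: 64 KiB of high-entropy bytes
# (standing in for real code) followed by 8 MiB of zero padding. This is NOT
# the Setup.exe from the report, only a file with the shape its sizes imply.
INFLATED_SAMPLE = random.Random(1337).randbytes(64 * 1024) + b"\x00" * (8 * 1024 * 1024)
# Constructed control: 256 KiB of pseudo-random bytes, i.e. no padding at all.
NORMAL_SAMPLE = random.Random(7).randbytes(256 * 1024)

# Sizes as printed in the report: a 465.5 MB executable inside a 4.4 MB zip.
REPORT_ARCHIVE_MB = 4.4
REPORT_PE_MB = 465.5


def report_compression_ratio() -> float:
    """Ratio implied by the two sizes on the report (about 106:1)."""
    return REPORT_PE_MB / REPORT_ARCHIVE_MB


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 hex digests, the same set the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def trailing_run(data: bytes) -> tuple:
    """(length, byte value) of the run of identical bytes that ends the file."""
    if not data:
        return 0, -1
    last = data[-1]
    return len(data) - len(data.rstrip(bytes([last]))), last


def padding_profile(data: bytes) -> dict:
    """Size, deflate-compressed size, ratio and tail-run statistics for a file."""
    compressed = len(zlib.compress(data, 6))
    run_len, run_byte = trailing_run(data)
    return {
        "size": len(data),
        "compressed_size": compressed,
        "compression_ratio": len(data) / max(compressed, 1),
        "trailing_run_len": run_len,
        "trailing_run_byte": run_byte,
        "trailing_run_fraction": run_len / len(data) if data else 0.0,
    }


def looks_inflated(profile: dict, min_ratio: float = 20.0, min_fraction: float = 0.5) -> bool:
    """Heuristic (thresholds are assumptions, tune them for your corpus): a PE that
    deflates more than 20:1, or whose tail is at least half one repeated byte,
    has been padded rather than built that large."""
    return (profile["compression_ratio"] >= min_ratio
            or profile["trailing_run_fraction"] >= min_fraction)


if __name__ == "__main__":
    print(f"report-implied ratio: {report_compression_ratio():.1f}:1")
    for label, sample in (("inflated", INFLATED_SAMPLE), ("normal", NORMAL_SAMPLE)):
        prof = padding_profile(sample)
        flag = "INFLATED" if looks_inflated(prof) else "ok"
        print(label, hashes(sample)["sha256"][:16], prof, flag)
```

To use it on a real file, read the bytes with `open(path, "rb").read()` and compare `hashes(data)` against the values above before trusting any analysis; a file that fails the hash check is not the sample the report describes.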
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox guests expose the OEM ID VBOX__ as a subkey under HKLM\HARDWARE\ACPI\DSDT (and FADT/RSDT); reading those keys is a common VM check.
- Checks BIOS information in registry. BIOS information (the firmware strings under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger. NtSetInformationThread with information class ThreadHideFromDebugger (0x11) stops the kernel from delivering debug events for that thread, so breakpoints an attached debugger sets there are never reported.
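The three signatures above are behaviours, so the useful check is whether they fire on a trace you captured yourself. The following Python, added here and not the sandbox vendor's code, encodes them as rules over an API-monitor event log and runs them on a constructed JSON-lines trace (illustrative records, not the real trace of Setup.exe). The registry paths are the ones VirtualBox guests expose (VBOX__ under HKLM\HARDWARE\ACPI\DSDT, FADT, RSDT) and the BIOS values under HKLM\HARDWARE\DESCRIPTION\System; information class 0x11 of NtSetInformationThread is ThreadHideFromDebugger. The event field names (pid, api, path, value, info_class) are my assumption about the log format.

```python
import json
import re
from collections import defaultdict

# THREADINFOCLASS value for ThreadHideFromDebugger: once set on a thread, the
# kernel stops delivering debug events for it, so breakpoints there never fire.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# VirtualBox guests expose the OEM ID "VBOX__" as a subkey of the ACPI tables.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT|SSDT)\\VBOX__", re.IGNORECASE)
# Firmware strings under HKLM\HARDWARE\DESCRIPTION\System are the classic VM/sandbox tell.
BIOS_SYSTEM_KEY = "\\HARDWARE\\DESCRIPTION\\SYSTEM"
BIOS_VALUE_NAMES = {"systembiosversion", "systembiosdate", "videobiosversion"}

# Constructed API-monitor trace (JSON lines). Field names are an assumption about
# the log format; the records are illustrative, not the real trace of Setup.exe.
SAMPLE_TRACE = r"""
{"pid": 1840, "api": "RegOpenKeyExW", "path": "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__"}
{"pid": 1840, "api": "RegQueryValueExW", "path": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS", "value": "SystemManufacturer"}
{"pid": 1840, "api": "RegQueryValueExW", "path": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System", "value": "SystemBiosVersion"}
{"pid": 1840, "api": "NtSetInformationThread", "thread": 1844, "info_class": 17, "length": 0}
{"pid": 1840, "api": "RegOpenKeyExW", "path": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
{"pid": 2216, "api": "NtSetInformationThread", "thread": 2220, "info_class": 2, "length": 4}
"""


def is_registry(ev) -> bool:
    return ev.get("api", "").startswith(("RegOpenKey", "RegQueryValue", "NtOpenKey", "NtQueryValueKey"))


def rule_vbox_acpi(ev) -> bool:
    """Identifies VirtualBox via ACPI registry values."""
    return is_registry(ev) and VBOX_ACPI_RE.search(ev.get("path", "")) is not None


def rule_bios_registry(ev) -> bool:
    """Checks BIOS information in registry."""
    if not is_registry(ev):
        return False
    path = ev.get("path", "").upper()
    if BIOS_SYSTEM_KEY not in path:
        return False
    return "\\SYSTEM\\BIOS" in path or ev.get("value", "").lower() in BIOS_VALUE_NAMES


def rule_hide_from_debugger(ev) -> bool:
    """Suspicious use of NtSetInformationThreadHideFromDebugger."""
    return (ev.get("api") in ("NtSetInformationThread", "ZwSetInformationThread")
            and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER)


RULES = {
    "Identifies VirtualBox via ACPI registry values": rule_vbox_acpi,
    "Checks BIOS information in registry": rule_bios_registry,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": rule_hide_from_debugger,
}


def parse_trace(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate(events) -> dict:
    """Map each signature name to the events that triggered it."""
    hits = defaultdict(list)
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(ev)
    return dict(hits)


def verdict_by_pid(events) -> dict:
    """Map pid -> set of signature names it triggered; processes with no hits are omitted."""
    out = defaultdict(set)
    for name, evs in evaluate(events).items():
        for ev in evs:
            out[ev["pid"]].add(name)
    return dict(out)


if __name__ == "__main__":
    for name, evs in evaluate(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {len(evs)} event(s)")
```

The point of keying on the information class rather than the API name is that NtSetInformationThread is called constantly by benign code (the pid 2216 record above is one such call); only class 0x11 is the anti-debug tell. Likewise the BIOS rule requires the read to sit under HKLM\HARDWARE\DESCRIPTION\System, so ordinary registry activity does not trip it.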