General
-
Target
5581da534043fc10507cfa13357f2876.exe
-
Size
20.0MB
-
Sample
230323-g4b5asea44
-
MD5
5581da534043fc10507cfa13357f2876
-
SHA1
ddf9af0706ce403d94358e0677855974900a987e
-
SHA256
64dda7c8105120218fe71c334ed0bdc5690333c40699ec0246a0a8dde6804e29
-
SHA512
120eac1c6daa34024084ec6dc6835c0be14a99c6f278a2403dba3300e8b0e4ccd9c734f9f763015fca83b2c501f8e1428f238ff73667c6c7331904d2425bb683
-
SSDEEP
98304:3Vde8FivCeGDRsiSc/XBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0MbQe:HZFwAur6XBazEgRSSjS5aT1z+/D0yQe
Behavioral task
behavioral1
Sample
5581da534043fc10507cfa13357f2876.exe
Resource
win7-20230220-en
Malware Config
Extracted
raccoon
540b1db0b12b23e63e6942952aa03e47
http://45.9.74.36/
http://45.9.74.34/
Targets
-
Target
5581da534043fc10507cfa13357f2876.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-