General
Target: f_0149a4
Size: 4.3MB
Sample: 230326-fvznkahe9s
MD5: 69db010543d6a83c0847c8b025bf63a2
SHA1: 7d53b3fdf413b0357d404cb5f2955143e0ffe204
SHA256: 620575d2222bcaae0e6a633b407a842e45ad9b47c2b5d93ab10e7386424e856d
SHA512: eee0e9498238dd90797aa0558906dce1ca0d4148dd35e3b503664780dd778c67affa5a546d50a365567e3c740ec83042d9f920f9b56cacfba8eaa94662735b2c
SSDEEP: 98304:Z7XVo8WzE6jMJ7qGEb7QQripIHbRbSAGcm/BSa8kuYMnAb1kkKHs5rOaFJvqmMXt:hVujSeGEb/r5HbhfGjq2MnckkKTa3MXt
Behavioral task
behavioral1
Sample: Setup.exe
Resource: win7-20230220-en
Malware Config
Extracted
raccoon
d4074b8c479181b90e810443a9405f3c
http://37.220.87.44/
http://94.131.3.70/
http://83.217.11.11/
http://83.217.11.13/
http://83.217.11.14/
Targets
Target: Setup.exe
Size: 465.5MB
MD5: ba1f367857d1efa868bb71681e1e1420
SHA1: 0d7917e7808a365ec09c6a848f6d20266114a662
SHA256: bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
SHA512: dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
SSDEEP: 49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger