General
Target: SеT-uр.zip
Size: 2.7MB
Sample: 230331-kza8zsae71
MD5: df79847f2499a41f23c5bb130475eba4
SHA1: 1a1dfcf2c39dd5014984420d5bb98d7ae6a987a5
SHA256: 28e64121b13efe27774b4734ec061af6ef7df96e9882b5f84470ed0de078ba36
SHA512: bd8c34a941e233433b337a813de1c2382b95d16fdf7ef5eba82fece993f722726ca7a3b635680842fd801c5675a06fad19819e35ea55db56d75ded3512ce7438
SSDEEP: 49152:mRwHgGYbkEXCrQwPT6qPVLqR3oScZEz7nZCDqG:uwAVHykQmRYSoM7nZC7
Behavioral task: behavioral1
Sample: SuT-u.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: SuT-u.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: raccoon
f26f614d4c0bc2bcd6601785661fb5cf
http://37.220.87.66/
Extracted: raccoon
Targets
Target: SuT-u.ex_
Size: 1024.0MB
MD5: bbe934b27150221d00e6df6ad67f5b87
SHA1: e6dc3d410c8b86e9e4bddc2daf3fc35a26889247
SHA256: 62b16f591fd7cea398eef2123eca605545ae60401d2e5bdaf897d00da4e7f638
SHA512: 6a9d814b9369f95745906c131e1db72f09c8cced20349b9c9b48ccfe84090cc766191e7d98be9805c5e1c3a0cd988f7b6b831c1dae0965ad7682a1afd94c60ad
SSDEEP: 24576:ewNuU9GH8Hrgi5sWmhA8IP3b4q7W5BfwPxod0KImzcF/WkvMr73L4dbu4t1TcVfp:79GH+g8sWmhIPJ60i0Kp/rodl/TcVfp
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext