General
- Target: 822734b7ddbe7c857f0949762da30a15cccc9c2b99b5df3236163d83b8edc568
- Size: 12.7MB
- Sample: 230404-kmka5adg89
- MD5: 4689829de199e30f231b8bebb22bc0de
- SHA1: 35a0266126b8c867ad83a1b03edd303ad8fc4644
- SHA256: 822734b7ddbe7c857f0949762da30a15cccc9c2b99b5df3236163d83b8edc568
- SHA512: 4284f318eb9b2ebf587e0d56123294d79d1701ee89fb6857423d280d6042ae4c4c27e2ea969e057468004624cb9a7bf3c8949b531c858b8cebcb1efff399b3c9
- SSDEEP: 196608:cdcW2w+rqPYBqAK3eNeTJyPRjI3HT56IeHDTKlH1KYLQON408prLfk6CByloYeF:w8ID3eNsclyznNce40m/vypqB
Static task: static1
Behavioral task: behavioral1
- Sample: 822734b7ddbe7c857f0949762da30a15cccc9c2b99b5df3236163d83b8edc568.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 822734b7ddbe7c857f0949762da30a15cccc9c2b99b5df3236163d83b8edc568.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: raccoon
  13718a923845c0cdab8ce45c585b8d63
  http://45.15.156.143/
Targets
- Target: 822734b7ddbe7c857f0949762da30a15cccc9c2b99b5df3236163d83b8edc568
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger