General

Target: b8406c0265685a3472517f1b8b5d514b.exe
Size: 2.1MB
Sample: 230405-16r33sbh5z
MD5: b8406c0265685a3472517f1b8b5d514b
SHA1: 1c94df97a4580e48860b5d8b543f3ef5b6f5c0d7
SHA256: b242612fab32f3a2bc44033c804e586a12fd450795ba68510a32c67059b6d7b1
SHA512: ebb457e8e4cafa9e0197e235f029b3a67ba1136e93440d638f26251a2a71b120be788579468f56ab271222b42006ddb54979aaa8cd99a652ba84bee7bf382586
SSDEEP: 49152:NJ4HLiAIg8bZGZLggVaa6acVbId2cD/ki+aHT+:NJ4HWBXALg+56pkd2+/kl4T+
Static task: static1
Behavioral task: behavioral1
Sample: b8406c0265685a3472517f1b8b5d514b.exe
Resource: win7-20230220-en
Malware Config

Extracted: gcleaner
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75

Extracted: raccoon
81620d6b0f6e4fbb3048818577e1f9be
http://91.201.115.148
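The hashes and the two extracted configs above are the parts of this report an analyst actually reuses: the digests to confirm that a file found on a host is this sample, and the C2 addresses to hunt for in proxy or firewall logs. The Python below is an added example, not part of the sandbox report or of any tooling it came from. It normalises both config shapes (gcleaner lists bare IPs, raccoon a URL) into one host-to-family map, compares a file's digests against the report, and scans log lines for whole-address matches so that near-misses such as 45.12.253.5 or 145.12.253.56 do not fire. The proxy log lines are constructed for the example and were not produced by the sandbox run.

```python
"""Triage helper built from the indicators on this report page (added example)."""
import hashlib
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Digests published on the report page for b8406c0265685a3472517f1b8b5d514b.exe.
REPORT_HASHES: Dict[str, str] = {
    "md5": "b8406c0265685a3472517f1b8b5d514b",
    "sha1": "1c94df97a4580e48860b5d8b543f3ef5b6f5c0d7",
    "sha256": "b242612fab32f3a2bc44033c804e586a12fd450795ba68510a32c67059b6d7b1",
    "sha512": "ebb457e8e4cafa9e0197e235f029b3a67ba1136e93440d638f26251a2a71b120"
              "be788579468f56ab271222b42006ddb54979aaa8cd99a652ba84bee7bf382586",
}

# Extracted configs, copied from the page: gcleaner lists bare IPs, raccoon a URL.
EXTRACTED_CONFIGS: Dict[str, List[str]] = {
    "gcleaner": ["45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"],
    "raccoon": ["http://91.201.115.148"],
}


def c2_hosts(configs: Dict[str, List[str]]) -> Dict[str, str]:
    """Normalise every C2 entry to a bare host and map host -> malware family.

    urlsplit() yields a hostname for URLs but None for a bare IP, in which
    case the raw entry is already the host.
    """
    hosts: Dict[str, str] = {}
    for family, entries in configs.items():
        for entry in entries:
            hosts[urlsplit(entry).hostname or entry] = family
    return hosts


C2_BY_HOST = c2_hosts(EXTRACTED_CONFIGS)


def hash_sample(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_digests(data: bytes) -> List[str]:
    """Return the names of the report's digests that the given bytes match."""
    computed = hash_sample(data)
    return [name for name, value in REPORT_HASHES.items() if computed[name] == value]


# Whole dotted quads only: 45.12.253.5 and 145.12.253.56 must not hit 45.12.253.56.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def c2_hits(log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Scan proxy/firewall lines for destinations in the extracted C2 set.

    Returns one (line_number, host, family) tuple per hit, lines numbered from 1.
    """
    hits: List[Tuple[int, str, str]] = []
    for number, line in enumerate(log_lines, start=1):
        for ip in IPV4.findall(line):
            family = C2_BY_HOST.get(ip)
            if family:
                hits.append((number, ip, family))
    return hits


# Constructed proxy log lines for the example; not from the sandbox run.
SAMPLE_PROXY_LOG = [
    "2023-04-05T10:12:01Z src=10.0.0.21 dst=45.12.253.56 dport=80 method=POST uri=/",
    "2023-04-05T10:12:02Z src=10.0.0.21 dst=203.0.113.10 dport=443 method=CONNECT uri=example.com:443",
    "2023-04-05T10:12:03Z src=10.0.0.21 dst=91.201.115.148 dport=80 method=POST uri=/",
    "2023-04-05T10:12:09Z src=10.0.0.22 dst=45.12.253.5 dport=443 method=CONNECT uri=example.net:443",
    "2023-04-05T10:12:11Z src=10.0.0.22 dst=145.12.253.56 dport=443 method=CONNECT uri=example.org:443",
]

if __name__ == "__main__":
    for number, host, family in c2_hits(SAMPLE_PROXY_LOG):
        print(f"line {number}: {host} is a {family} C2")
    print("digests of empty input matching the report:", matching_digests(b"") or "none")
```

To check a file pulled from a host, read it in binary mode and pass the bytes to matching_digests(); all four names come back for the real sample, and an empty list means it is a different file (the hashes cover the whole binary, so a repacked or padded copy will not match, which is exactly when the SSDEEP value above becomes useful instead).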
Targets

Target: b8406c0265685a3472517f1b8b5d514b.exe
Size: 2.1MB
Hashes: identical to those listed in the General section above.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (commodity stealers commonly exit without running when the configured locale is on their excluded-country list, so a sandbox set to such a locale will show none of the behaviour below).
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext: a common component of process hollowing and thread hijacking, where a loader writes a payload into a suspended process and points its primary thread at the payload's entry point before resuming it.