General
Target: Sildur's+Basic+Shaders+v2.1+Fancy.zip
Size: 25KB
Sample: 230406-ycbswseg67
MD5: de1b9a96624dac863e7a0b01763fd72e
SHA1: 0d3f34ae261ae15764c6813684ffad9f5c1ceafe
SHA256: 8919b73e0d0a7c363c93c09a3fe20bed93b8d5f8020e2d30681685d201c4257a
SHA512: d3e86bd4e2019f61305995ae8ee14e19814a628c8a0fe7eaffe52a02cb80498d3c849339804a5c4dec72f5f33021b8d26650fe960efe54ef989e5d5a7a47d618
SSDEEP: 384:VD8JPyIv6xbOdj6YGjUCxw9sDSU3Sc5XaE+no7uB0Cm5J28CNBC:VDmPyIv64sYGjU4w9sD/SjBoq85J2PHC
Static task: static1
Behavioral task: behavioral1
Sample: Sildur's+Basic+Shaders+v2.1+Fancy.zip
Resource: win10v2004-20230220-en

Malware Config
Extracted: raccoon
  717609e6131226f92ce8ce08c34305be
  http://37.220.87.66/
Targets
Target: Sildur's+Basic+Shaders+v2.1+Fancy.zip (25KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Modifies system executable filetype association
- Registers COM server for autorun
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext