General
-
Target
a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
-
Size
5.2MB
-
Sample
230508-3nzrbadd23
-
MD5
05a8019bdf62516860fd5396cfdf9039
-
SHA1
ec32c6865859cb524ebe7e467a9debf009df070e
-
SHA256
a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
-
SHA512
81eba3b9f175dabf1c3f8c6fa1d1c624ab85071c37c5c632956546e620c4bfdefd9718af58f2e77855918af37da91012ed038a12bd639d07912d86c925dcde78
-
SSDEEP
98304:ukRbqulaXDtAsK9lYyImLZmB/EXVefg/+RjgN0irZRblngETx:uqTkqs0fImLIBclf/IQ0iVnngwx
Static task
static1
Behavioral task
behavioral1
Sample
a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe.exe
Resource
win7-20230220-en
Malware Config
Extracted
raccoon
03c14357f4c11f70315c3388c896998d
http://46.151.31.129
Targets
-
Target
a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-