General
-
Target
birge.exe
-
Size
3.1MB
-
Sample
230509-l4p4dahc2x
-
MD5
6d8729a82c547353a8e2380f08c04523
-
SHA1
e15684c88cf5346f58d526f0340703cd19bbc4d7
-
SHA256
7b542e25530dfb3ba4694b7d3ce40265ddd6b5fae01dfb69a59eaca2e0bbc31c
-
SHA512
f078f14432e56890e6d4c340aa53784ef5e22dc0e7d33779b018536696cb28bd1fa1ec4c728157b51156e2e9dcdfe79e00d9357b343bbb4029b48116a7a35975
-
SSDEEP
98304:JWdw7HQvlRH86i1PMVIhkaHzPGiHFzkZA0sM:PIvpiMukaTGiHxx0l
Malware Config
Extracted
raccoon
fc8427198f843d72c1aa8a66db1a98f3
http://193.149.180.192/
Targets
-
-
Target
birge.exe
-
Size
3.1MB
-
MD5
6d8729a82c547353a8e2380f08c04523
-
SHA1
e15684c88cf5346f58d526f0340703cd19bbc4d7
-
SHA256
7b542e25530dfb3ba4694b7d3ce40265ddd6b5fae01dfb69a59eaca2e0bbc31c
-
SHA512
f078f14432e56890e6d4c340aa53784ef5e22dc0e7d33779b018536696cb28bd1fa1ec4c728157b51156e2e9dcdfe79e00d9357b343bbb4029b48116a7a35975
-
SSDEEP
98304:JWdw7HQvlRH86i1PMVIhkaHzPGiHFzkZA0sM:PIvpiMukaTGiHxx0l
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Uses the VBS compiler for execution
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-