General
Target: PassKey-55551-CompleteFileV8.rar
Size: 14.9MB
Sample: 230510-16f1taae87
MD5: 00de82c2721f4d97f728febbc4758036
SHA1: 528eb4965630e9d051f2c2b3a9ffe6ddb78ffe75
SHA256: 3099f11a5d7e56fd714b21b76b411de53348237257938be932ed3d4e084d487d
SHA512: 0b9ad8446b9e06215f671875f7b845b6aaf0b3abc45b9ed022922f3a771ccfdfd97486f7d4b4188431b421076e79501b14b1b37e73e4df9076032694a6df1253
SSDEEP: 393216:wLq2Hr2ghmHDNHhxhfSXMcgyI8cQWWoPBJl:wLq2SZj5D5Sc0cZW0J
Static task: static1
Behavioral task: behavioral1
Sample: PassKey-55551-CompleteFileV8.rar
Resource: win7-20230220-es
Behavioral task: behavioral2
Sample: PassKey-55551-CompleteFileV8.rar
Resource: win10v2004-20230220-es
Malware Config
Extracted
raccoon
ee2a3d190100b91c20d8bc284238dda6
http://94.142.138.176/
Targets
-
-
Target
PassKey-55551-CompleteFileV8.rar
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-