General
Target: PassKey_55551_CompleteSetupV9.rar
Size: 14.9MB
Sample: 230510-16mtcscc7w
MD5: e9fd51eb223866cf2ef2bafc834cb21c
SHA1: 023e452807a4d020013b4addc74ec6156527a170
SHA256: 61c92c28313919a275926dccfb619e6d7a5b0ddc58cb9a532b6fce2a866b7c15
SHA512: 9595142d39638038fcd113ad63ffcbfebde3b82b44f9b2bd7a9030b9d8f750a23daec7384947e5e4282cadbb70d7cfc9e58c615cc868dea747c96fe787368c71
SSDEEP: 393216:lUPzaY+vYY1NwrnG5xLceNFsZtUURXSBbhp:l6exn1NwrnG1KvUn
Static task: static1
Behavioral task: behavioral1 (sample PassKey_55551_CompleteSetupV9.rar, resource win7-20230220-es)
Behavioral task: behavioral2 (sample PassKey_55551_CompleteSetupV9.rar, resource win10v2004-20230220-es)
Malware Config
Extracted: raccoon
ee2a3d190100b91c20d8bc284238dda6
C2: http://94.142.138.176/
Targets
Target: PassKey_55551_CompleteSetupV9.rar
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), after which the calling thread's debug events are no longer delivered to an attached debugger; this is a common anti-analysis technique.
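The signatures above are the sandbox's verdicts; when reproducing the analysis or writing your own detections it helps to see how each one maps to concrete API behaviour. The Python below is an added example, not part of this report or of the sandbox's own signature engine: it re-derives the six signatures from an API-call trace. The trace format (one dict per hooked call with an "api" field), the set of hooked API names, the wallet-path indicator list and the sample events themselves are all assumptions constructed for illustration; no values are taken from the real sample.

```python
"""Re-derive the report's behavioural signatures from a (constructed) API-call trace.

Added example, not code from the sandbox report. The trace format is an
assumption: one dict per hooked call with an "api" name plus call-specific
fields ("path", "key", "data", "info_class"). The wallet-path markers are an
assumed indicator list, not the sandbox's real one.
"""
from __future__ import annotations

# THREADINFOCLASS value for ThreadHideFromDebugger used with NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Lower-cased path fragments typical of cryptocurrency wallet storage (assumed list).
WALLET_MARKERS = (
    "\\exodus\\", "\\electrum\\wallets", "wallet.dat",
    "\\ethereum\\keystore", "\\atomic\\local storage", "\\monero\\",
)

# Registry path whose subkeys list installed software.
UNINSTALL_KEY = "\\currentversion\\uninstall"

# Report order, so the output reads like the signature list above.
SIGNATURE_ORDER = (
    "Downloads MZ/PE file",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Accesses cryptocurrency files/wallets, possible credential harvesting",
    "Checks installed software on the system",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
)


def match_signatures(events: list[dict]) -> list[str]:
    """Return the signature names the trace triggers, in report order."""
    dropped: set[str] = set()   # files the sample itself wrote to disk (lower-cased)
    hits: set[str] = set()

    for ev in events:
        api = ev.get("api", "")
        path = ev.get("path", "").lower()
        key = ev.get("key", "").lower()

        # A network read whose payload starts with the DOS header magic "MZ".
        if api in ("InternetReadFile", "WinHttpReadData") and ev.get("data", b"")[:2] == b"MZ":
            hits.add("Downloads MZ/PE file")

        # Remember what the sample writes so later executions/loads can be tied to it.
        if api in ("NtWriteFile", "WriteFile") and path:
            dropped.add(path)

        # Running or loading a file the sample dropped earlier in the same trace.
        if api == "CreateProcessW" and path in dropped:
            hits.add("Executes dropped EXE")
        if api == "LoadLibraryW" and path in dropped:
            hits.add("Loads dropped DLL")

        # Opening a file under a known wallet storage location.
        if api in ("NtCreateFile", "CreateFileW") and any(m in path for m in WALLET_MARKERS):
            hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")

        # Opening or enumerating the Uninstall key to list installed software.
        if api in ("RegOpenKeyExW", "RegEnumKeyExW", "NtOpenKey") and UNINSTALL_KEY in key:
            hits.add("Checks installed software on the system")

        # ThreadHideFromDebugger: the thread stops delivering debug events.
        if api == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")

    return [name for name in SIGNATURE_ORDER if name in hits]


# Constructed trace resembling a stealer run; not recorded from the real sample.
SAMPLE_TRACE = [
    {"api": "InternetReadFile", "data": b"MZ\x90\x00\x03\x00\x00\x00"},
    {"api": "WriteFile", "path": "C:\\Users\\Public\\nss3.dll"},
    {"api": "LoadLibraryW", "path": "C:\\Users\\Public\\nss3.dll"},
    {"api": "WriteFile", "path": "C:\\Users\\Public\\update.exe"},
    {"api": "CreateProcessW", "path": "C:\\Users\\Public\\update.exe"},
    {"api": "NtCreateFile", "path": "C:\\Users\\analyst\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"api": "RegOpenKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegEnumKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
]

# Constructed benign trace: HTML download, a document, and ThreadPriority (0x02).
BENIGN_TRACE = [
    {"api": "InternetReadFile", "data": b"<!doctype html>"},
    {"api": "NtCreateFile", "path": "C:\\Users\\analyst\\Documents\\notes.txt"},
    {"api": "CreateProcessW", "path": "C:\\Windows\\System32\\notepad.exe"},
    {"api": "NtSetInformationThread", "info_class": 0x02},
]

if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print(name)
```

Running the file prints the six signature names for the constructed stealer trace and nothing for the benign one. The "dropped" bookkeeping is the part worth copying: "Executes dropped EXE" and "Loads dropped DLL" only fire when the executed or loaded path was written by the sample earlier in the same trace, which is what separates them from ordinary process creation or DLL loading.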