General
- Target: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39.bin
- Size: 186KB
- Sample: 230511-w9zvwabg9w
- MD5: 170ea3cd14c495010443b45f98027d55
- SHA1: eda0de88cb80a413c8ffef547b5394aea793fbc2
- SHA256: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
- SHA512: 19964c0cb0e4dc02674c7c592b0301f71b5a27f60b5628a44937cfed06d48ed7eb5e46026dd21a1ba5bc17bcb6d00f5f3a20145ce580e0d6377aab72af4fa01e
- SSDEEP: 3072:yPMpq8utFu6OTIVVmr65cfX/82kgoD0bF1IVxGq:ykd6eI/mr+W1kY1IOq
Static task: static1
Behavioral task: behavioral1
- Sample: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: raccoon
- b11c37ed36597cb6d2adb8b6280a6e12
- http://94.142.138.32
Targets
- Target: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39.bin
- Size: 186KB
- MD5: 170ea3cd14c495010443b45f98027d55
- SHA1: eda0de88cb80a413c8ffef547b5394aea793fbc2
- SHA256: 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
- SHA512: 19964c0cb0e4dc02674c7c592b0301f71b5a27f60b5628a44937cfed06d48ed7eb5e46026dd21a1ba5bc17bcb6d00f5f3a20145ce580e0d6377aab72af4fa01e
- SSDEEP: 3072:yPMpq8utFu6OTIVVmr65cfX/82kgoD0bF1IVxGq:ykd6eI/mr+W1kY1IOq
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext