General
Target: MDE_File_Sample_a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe.zip
Size: 4.4MB
Sample: 230619-h41ckacc97
MD5: 9622d03e272aee76114cc638f24fea73
SHA1: 7ab56e5f73a354fd98e7553b5d8034dbc96f2cf5
SHA256: 3a3844ddad30c77a4781a774d733818db7459e03c05d089315f60f6938ab8195
SHA512: 09d3084f67877267b117ce760fdd12f474ac9341d6a08ae82e64b5d07d372b601e69602894b3a2f58da2e88b18b735157656c52319b1f34cd0811b1f6c6d192b
SSDEEP: 98304:OR+eyWZBY1tqfc8Dyzj009r7VXp3/oRmElvnyF7aRbLAe4mjH/YPjU:OBBvrfryv0MXp3/oRvKF2dAGQPo

Malware Config
Extracted
raccoon
d4074b8c479181b90e810443a9405f3c
http://37.220.87.44/
http://94.131.3.70/
http://83.217.11.11/
http://83.217.11.13/
http://83.217.11.14/

Targets
Target: Setup.exe
Size: 465.5MB
MD5: ba1f367857d1efa868bb71681e1e1420
SHA1: 0d7917e7808a365ec09c6a848f6d20266114a662
SHA256: bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
SHA512: dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
SSDEEP: 49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM

Raccoon Stealer payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger