Overview

overview

10

Static

static

10

MDE_File_S...fe.zip

windows10-1703-x64

1

Full_Compl...up.zip

windows10-1703-x64

1

Setup.exe

windows10-1703-x64

10

resource/L...04.dat

windows10-1703-x64

3

resource/L...05.dat

windows10-1703-x64

3

resource/L...06.dat

windows10-1703-x64

3

resource/L...07.dat

windows10-1703-x64

3

resource/L...09.dat

windows10-1703-x64

3

resource/L...0A.dat

windows10-1703-x64

3

resource/L...0B.dat

windows10-1703-x64

3

resource/L...0C.dat

windows10-1703-x64

3

resource/L...0E.dat

windows10-1703-x64

3

resource/L...10.dat

windows10-1703-x64

3

resource/L...11.dat

windows10-1703-x64

3

resource/L...12.dat

windows10-1703-x64

3

resource/L...13.dat

windows10-1703-x64

3

resource/L...14.dat

windows10-1703-x64

3

resource/L...19.dat

windows10-1703-x64

3

resource/L...1A.dat

windows10-1703-x64

3

resource/L...1D.dat

windows10-1703-x64

3

resource/L...1E.dat

windows10-1703-x64

3

resource/L...1F.dat

windows10-1703-x64

3

resource/L...24.dat

windows10-1703-x64

3

resource/L...2A.dat

windows10-1703-x64

3

resource/L...04.dat

windows10-1703-x64

3

resource/L...16.dat

windows10-1703-x64

3

resource/L...04.dat

windows10-1703-x64

3

resource/R...er.xml

windows10-1703-x64

1

resource/R...nd.xml

windows10-1703-x64

1

resource/R...al.xml

windows10-1703-x64

1

resource/R...ly.xml

windows10-1703-x64

1

resource/R...ae.xml

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MDE_File_Sample_a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe.zip

  • Size

    4.4MB

  • Sample

    230619-n2zadaeg3y

  • MD5

    70e21f89fa08e315c84f1676c970b0ff

  • SHA1

    409b20c31eaea0b7960cc84b8a185c632cc7de5d

  • SHA256

    311b3e01136c34f6121897d31cefea8a94b82d173d1022db90744064c10788b5

  • SHA512

    a626797235f20ab4339a9036feb4546596fae0e3e4c4ad12e058fa3d2df54a279f54fa34b49792f607ea54dd1bd159f2dab386a3d2e88dd33749708724d75390

  • SSDEEP

    98304:Q5yO8LFzJjO55KYlj9c49SzYt7V4LZUWlLgkiIU+tFnWE:YyzLxJjWUasz+slERytD

Score
10/10
raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan

Malware Config

Extracted

Family

raccoon

Botnet

d4074b8c479181b90e810443a9405f3c

C2

http://37.220.87.44/

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/
xor.plain

Targets

    • Target

      MDE_File_Sample_a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe.zip

    • Size

      4.4MB

    • MD5

      70e21f89fa08e315c84f1676c970b0ff

    • SHA1

      409b20c31eaea0b7960cc84b8a185c632cc7de5d

    • SHA256

      311b3e01136c34f6121897d31cefea8a94b82d173d1022db90744064c10788b5

    • SHA512

      a626797235f20ab4339a9036feb4546596fae0e3e4c4ad12e058fa3d2df54a279f54fa34b49792f607ea54dd1bd159f2dab386a3d2e88dd33749708724d75390

    • SSDEEP

      98304:Q5yO8LFzJjO55KYlj9c49SzYt7V4LZUWlLgkiIU+tFnWE:YyzLxJjWUasz+slERytD

    Score
    1/10
    behavioral1

    • Target

      Full_Complete_Setup.zip

    • Size

      4.5MB

    • MD5

      7b19a43f64d5a38882e29caf12d8f353

    • SHA1

      a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe

    • SHA256

      635ac8a5fca65761996e5a916b119fa9dad692d038c75f12bbbfde884618c9de

    • SHA512

      851dc47932a6c2f292a72113cb1c5e0c1b8780eeab1db59377f4ecc056854b034f2caa6428f41ef29796a53898862162045170f04165ff5ab09161965487b11d

    • SSDEEP

      98304:gb0EEwrCjWIqTTdYTNO25ecw0U8AXY5UE+Slgn1M3kh5xN:aESQWrHdYTNpT/UbXD0gh5xN

    Score
    1/10
    behavioral2

    • Target

      Setup.exe

    • Size

      465.5MB

    • MD5

      ba1f367857d1efa868bb71681e1e1420

    • SHA1

      0d7917e7808a365ec09c6a848f6d20266114a662

    • SHA256

      bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13

    • SHA512

      dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88

    • SSDEEP

      49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM

    Score
    10/10
    raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3

    • Target

      resource/Lang/0404.DAT

    • Size

      56KB

    • MD5

      3bbd59558325f9a33b98e4f916ac67ea

    • SHA1

      8e615e01079a6b256740d00a4677099a6e812b31

    • SHA256

      f452c4392a21e0f0f504f01d3e0afa57522d9f8d4c5413a1966430a4913625c0

    • SHA512

      bfce7cd0b7c4a07a5c5e01d17a6ee500461a395374511848005451743be48250f1fd665f10e805c0228d4784c80c03a6d0de863d2089fbb3d19b4e6a846bc3ba

    • SSDEEP

      768:wwDIfJ6pnDKYq+eWU/fp/7OJa3/4cpwTXN/BeFG9KqHlhD5vezFi6nJ+n3Ry4em5:5hKbr/7Zvh1iEK4m0E1t6YNsbfqhj

    Score
    3/10
    behavioral4

    • Target

      resource/Lang/0405.DAT

    • Size

      76KB

    • MD5

      f7232c08dc004820795813ba3937319b

    • SHA1

      f2c51130c4b0acda84aff04fd90c29618cab569b

    • SHA256

      146fd88dbc29edff5940788148ed4d7b2cdd6dd7683f5b1a74d8d8f1801e121b

    • SHA512

      36eb25087a6d3c1bfac41b19babd2361c8cf1637adc1aa6e3e7e69b6cbcea043a90721697e65537ef6b24a0a0e403660f6c64585ca9c9661738c5e1f65fed2f5

    • SSDEEP

      768:ptfqR6iK9qt8TGtNtWXlF50dSkgH9si4Rg39/WFiv2ZKIxEr1gaaDoBsEoY2OTqt:hiKAtWCJXiv2ZrErDBsEoY28D8

    Score
    3/10
    behavioral5

    • Target

      resource/Lang/0406.DAT

    • Size

      79KB

    • MD5

      283f6916469c278499e2e4a78cda3a17

    • SHA1

      b4bfb25d609b949555dc01406ce69474bc4eeef7

    • SHA256

      952220860ed2d201018be8ecc4acd7a20669193021ac710fba31cb3bb994a027

    • SHA512

      33e331ba287a5b4cf42c1f6751e05927b30305ae4556a17e362c50461d8b15f6258ab7401648294df527b311a8f62fbeb4c956aa7f55e640663e2a092056c476

    • SSDEEP

      1536:bjKfWs0l0KUmKDhE2ig5eJs14ZhJpoCNnU:/KfWs0VUmKDhE2ig5eJs14ZhJpoCNnU

    Score
    3/10
    behavioral6

    • Target

      resource/Lang/0407.DAT

    • Size

      83KB

    • MD5

      8bc6f37a9872f7376b1bb638da612b66

    • SHA1

      467cb11118f692b7cc24bc108b23c8809f8a5c1b

    • SHA256

      3379850b2fce5162469087147208bc2a6db706fe98f421ec5c7ea21fa075ca24

    • SHA512

      baf71421546e4a48c32579a28d4ac662926f5652d77886e202d3ec217df11c7aea791a60160a728be143e70cfa78431f385e9ba6d44fe8b4fe0597ef4ffe14ee

    • SSDEEP

      1536:CMHLLT87Kzj8Q0hBMXyt26i2i9/rPJ84W38MP3Q5bSf2M3uYpFVRsub2s0Sv/W:CMHLLQ7Kzj8NBMXyt26i2i9/rPJ84W3C

    Score
    3/10
    behavioral7

    • Target

      resource/Lang/0409.DAT

    • Size

      75KB

    • MD5

      f48b4619dd029228b5a8a5978dd313d1

    • SHA1

      2ccfc8a14d3b21c47ea08b8fce9ade67100ff427

    • SHA256

      6e007cd1aecdec09e09224e4f33f955ebf2949bd716ff58aae08d4fc5bfede82

    • SHA512

      593c81e775c6b50f69258803c83d59f82120d4c83dd6b6375e86f1c7aeeb6866c944348533def1dedd9a98369e81c802b73005df439aca729fbaffff53ea9bfd

    • SSDEEP

      768:Hswv0I6VKm2qGyFIxKRjZIpf9+WQwXNxkIlMFIvXpfAFiGySCGuhxYn2ucgjHkeN:qVKrsZ1ZitXY2ucgjHkB4N

    Score
    3/10
    behavioral8

    • Target

      resource/Lang/040A.DAT

    • Size

      82KB

    • MD5

      ba1d3603a25f89dd9a5be75e4c1d6670

    • SHA1

      a68eaec977b10d63841743a0c57b90de3aed1af1

    • SHA256

      d8660da2af63cde3ac6dd680b597378b2998cb72d253c7f3b6bc3754c4e9db9b

    • SHA512

      ae9dd523c1a9d4c50570f830b0150f28f5669d185392cd6766f125796c665ebee831d5113e39dc7e607c56285f78f025a79dfe9f38b468c12052c966ca64308d

    • SSDEEP

      768:SoEHr6ZK+qEmcd1kaUcSichcJVFk5uWCqjFiAPP6Zl4uqZoJT0BIfqnMqJBOBGBs:pZKs1Vmiwsya0BIfqm

    Score
    3/10
    behavioral9

    • Target

      resource/Lang/040B.DAT

    • Size

      77KB

    • MD5

      e2e4cc4969d21de735daf4aca2e64f9e

    • SHA1

      dbe1d706740808bbfef7d59a058e6c5699f48da0

    • SHA256

      3c7f0e098c88bec2244b769250e884bc7a4b9374f83da77325c02b901b0d4f62

    • SHA512

      7f92bc1756d85a924ac3c1ea66821a94e02731e681ae5a716fce48953af1e09aef0d057e471944c21efc57ff5727ae0d3f59ff19051b39d808d01395da82d829

    • SSDEEP

      1536:6nYKomEJ/1/5kwTibXIZUG3nTSOsYGZi8bbQ2vsRirTROGi:6YKomEJ/1ewTibXIZUG3nTSOsYGZi8bk

    Score
    3/10
    behavioral10

    • Target

      resource/Lang/040C.DAT

    • Size

      81KB

    • MD5

      da828fdd6596c8385106f17746d7c424

    • SHA1

      b53ac8c167812fbeef9e7c0f08d7fffab1b13e4b

    • SHA256

      2ee78065515bcf9262367bc3b6d93e4397ba86e0072edc8c2a22d99e247d416b

    • SHA512

      cb50ccf51b61dc8261efc80f02bc27af500d8da655dec840ea796922b19e5b33d77da24975766ef496a5b4ccc45003fad334a3a2b4f0992f774eba1b76599537

    • SSDEEP

      768:bFrKd6ZK8qmEVpsNEekcQC23+TRZ608pFiHNBnGxaB1bzcOjivVJqbM8LL869gi/:bZK9skBiCszcOjiv6

    Score
    3/10
    behavioral11

    • Target

      resource/Lang/040E.DAT

    • Size

      78KB

    • MD5

      aa6f43db55e537213c6fa3d954688224

    • SHA1

      12b60971edcf18bfcc86350023e5ae69563b969b

    • SHA256

      fab8df35d9501a7d72a8e5c75f858461d098289404504ba782d8c2fe8e9b13f3

    • SHA512

      264c950d3ecb93253eb6771100002238bcfdcaee9c0f692223950999d389d31797f094d22a3dc4b006347d516a4384ff00e4122477a4992fd152db1dab98a734

    • SSDEEP

      1536:Mv/2KqGSab5NhYG9eilrvVIn3Wif5z5WHy0XBDfef9u6LGJ7L18LR18Zh12NQ2jD:MvuK1Sab5NhH9hrvVIn3WifNkS0XBQ9T

    Score
    3/10
    behavioral12

    • Target

      resource/Lang/0410.DAT

    • Size

      81KB

    • MD5

      dbea90b3d5fa2e1d64614bb65fff47d7

    • SHA1

      a3f575d68df3d10df9942fa5fe115d296a8a582f

    • SHA256

      f66bec06f5a91c09c18ccf93fd428a771a5e9241e48c7e0851dc0e4ba114ffd2

    • SHA512

      7a2a1c712d403e9e7d8cf91bf5f747cd1066a82fc83638e073eac2ce403e52ec34cad07466bba70e12d931f38e83e91a0ece02aaa575590ddfb23af1fd97f5c7

    • SSDEEP

      768:jebftk+om16BKoZq1bZEYDlTCuBAZ1gjGNqIKafovhvKYv5UBSFitJrZ3s3QCU8Q:CbQBKjTE+iff8mQTCl

    Score
    3/10
    behavioral13

    • Target

      resource/Lang/0411.DAT

    • Size

      61KB

    • MD5

      70079aba3c883bd5bd646344c78b2caa

    • SHA1

      775a34cba33e9f66949efa314607a6766f75dc47

    • SHA256

      f2bd7e6d032f049b30c35825ff7dfad38f4380968fb4a57372f7b809ca26eb3f

    • SHA512

      a90be98ede2b2d60b3ce13c0fcda1fb3eff97176283d0aebefc4f6166e1bc142a499910ac46ce26c9bcf591dc0f0610e8556dd83771923b79d3e0e14871b9f74

    • SSDEEP

      768:IspCY6aqQPXTApU+pjrryCtmAWlya7BHvmvXfiKwDjrUE9q56WaNp3vHrJcrKqlB:ECLApdCKwDjrUt

    Score
    3/10
    behavioral14

    • Target

      resource/Lang/0412.DAT

    • Size

      62KB

    • MD5

      218e04403ffa53b573ce656a8c815c16

    • SHA1

      f81d9f214124b5e20455dd73f82010cdee9cbe33

    • SHA256

      de0495223c42cf286679c6aa2202b6b199c84f65acd8dc2a92f9cc7b596943c0

    • SHA512

      8bfb59a1af7b87389d4a7faa858d0de4b12b9ac17a54be64685585705f12d156b5ba305d0890fcee8b9f9354b692b5a5dd30e5e11cb569d06835d52165ab0f57

    • SSDEEP

      768:3goZW6wKMqnaircjSLv56YvwqZ9jw7IiRqFiFDJXUoMr9p0jTqVvQAL44w8anLSz:NwKxcjCa2igoMr9p0u

    Score
    3/10
    behavioral15

    • Target

      resource/Lang/0413.DAT

    • Size

      80KB

    • MD5

      4b2a03ac9ac00576e20a021c0aaf68db

    • SHA1

      a409077c2bb2e29be12067148d8fabeedad5f65f

    • SHA256

      2e9b1b251096776767a84dfe9ba273c6f5147e8a51d96e2b214ca78d2e79574f

    • SHA512

      b920677af7688556a753c2048697f421da500e68006eaf5b8fa111b582a2e5158e2d5b4bae07c849fda50a3e4bf4655cc1a7c730ca40a8d7cc196d48f7ce933a

    • SSDEEP

      1536:FpQyKFGPK41AygxZ27bPJpGyLx5+MiDUWJT4+oMLsROb/qRMc3g5SNaSp5yW+3ut:FpQyKMPKYAyW27bPJpGyLxMMiDUWJT4r

    Score
    3/10
    behavioral16

    • Target

      resource/Lang/0414.DAT

    • Size

      77KB

    • MD5

      5d75358b81bd38ce4cbc66f0bd769e5e

    • SHA1

      f6cc27c563204901f68b4075607d80b10da49fc7

    • SHA256

      1a0874beabefd2618b41cd5430c2089bad8370aad9a12b3dcfbeeb87c403ae99

    • SHA512

      d15d23df2af77be8ab3267377bd1736eac6cb51ce786d8e85a7a15d0306e1fc89b1dfc376ab7d80b3f682400113e897825196e8c611741c20c9c0c5467e7bdad

    • SSDEEP

      1536:+1ZKQ5m6KtJEu0yAqd0vN6gnZl3BiFNIykyU149kKII4q1BHf3vN29i8nu:IZKQvKjEUAqd0l66lxiFNCyU149kKIIf

    Score
    3/10
    behavioral17

    • Target

      resource/Lang/0419.DAT

    • Size

      77KB

    • MD5

      bad01b429fb00f4571553ee25c518d55

    • SHA1

      086470b808f79d6a2a1697bf08e360959420253d

    • SHA256

      7a5b08614d48a1aca51522fe5fe595cabde93e379e3c7e770ebfe33b87d6b9ea

    • SHA512

      b335931599c28b9ea17a4653540564a47012f04e79e07d691346037b60bcf5a60a2e509a427e7efe6b850e75813426ddbe84bf5f8076b23d6dfefab468caba2d

    • SSDEEP

      768:IVefqsDEFkP+6zM4KqqO94p/dljyfivB86DFJa4afyqKfFiwLKuYL17Gb0kVEQ5D:eezYS3zM4KZljJZiSb0kVEQ2BI

    Score
    3/10
    behavioral18

    • Target

      resource/Lang/041A.DAT

    • Size

      76KB

    • MD5

      3cb6f81d2afff7e23011864c5a4305ac

    • SHA1

      babb58dc552432e69e9fcafccda4e06e0854c2c5

    • SHA256

      0daa75cb8a35ea1e75862a09ec2a89af2f248a35640e4f6de3c04fb3bfc834e9

    • SHA512

      73e18955371e5e5cf6038e7969b647eec58c5799c1cda1b3720d4557166f255a09cb9431e689914c036d4bc7ea44b0adbc980df814b84beb1a6f323bdd1315f2

    • SSDEEP

      768:YZGMCpzS65K9qc8vDIWXX02oBq+XO1N9bDbB1Fi3ILufHlItgQJ1gSIbn/72q4Yn:x35KjWNiC1gSIbnjb

    Score
    3/10
    behavioral19

    • Target

      resource/Lang/041D.DAT

    • Size

      77KB

    • MD5

      74d1034ad1837233bb2e44a47e2e1052

    • SHA1

      7452588ef3eacd62c5ca1aae9380a4978bd2a570

    • SHA256

      2a9abfbfaeb022be5bef7128a2393d1229437a633a925228f363b2c3543f55ca

    • SHA512

      041640e1b0e828190e77e3db8111b075b0e0b1775ef0c60440fc9bcdfe97bbc1bc4e6085b18a13cb86ebe94e981b57bc877499df4f217bdeb8d8b79f1d3f9af0

    • SSDEEP

      1536:3v/mGKwLSExC0qFoOmDoBEfBTYERO+mbidzuOsGR5y5LEGHEJhXHNVONcIsaQTf:/ZKcSExIFoOmDoBkBTBk+8iQOsGR5y5Q

    Score
    3/10
    behavioral20

    • Target

      resource/Lang/041E.DAT

    • Size

      76KB

    • MD5

      d193c1d62d4593350418be2f67e57e77

    • SHA1

      dade8f43450912893d1c0b08d9d2f2f9eb6aeafb

    • SHA256

      4f4fc729b605349061a87ebbde44acbffe9c9974199622f0e174fde3ff7984bc

    • SHA512

      fef8954d41ad6cc9c7de80d8119efe3e09f75039cb18ff52e5e53eb8f256037222648d9e54adfee9927101557d6bcc9f78e73cba2da922ab123c91547146b6b2

    • SSDEEP

      1536:PsWgKNGKzY16/pywNrHl8wEjOiQFiJ/M/dg+YCdW9JrdD:PZgKNvBNrHl8+iAiJ/M/dg+Y8W9JxD

    Score
    3/10
    behavioral21

    • Target

      resource/Lang/041F.DAT

    • Size

      76KB

    • MD5

      6096856781e839908231c5af1bb97b77

    • SHA1

      9991466646b5d8a57e55bc869bf45255452f8b78

    • SHA256

      5c6cf245e539c7ca9345b25019d9b3761bbdb1e37ae02153137aefd32b9734f6

    • SHA512

      713546aa89533c6f525c3954845cd46d1c02bff84284b0ac9a3fb1cfb77f7c84e10c0e16fb239f45789489c79d0af0e708fc0e52fbae21a62ed01a68ca386300

    • SSDEEP

      1536:FRS5OHggK8aoIXgzvYjnYkkssG2iKGQESvT+P2rjdmADpT+ypX:FRS5OH/K3otTYjnYkFsG2iKGQESvT+PS

    Score
    3/10
    behavioral22

    • Target

      resource/Lang/0424.DAT

    • Size

      79KB

    • MD5

      7231a9b91c0812bb692a35fc4770da40

    • SHA1

      77a245599355b4457781cac9bb3bfba1d8f0f6d8

    • SHA256

      81b21fcb00ab79a44cdaf18ed15eab1dafed6f1d82e4c30977ba620bbe040083

    • SHA512

      2b3db4fa0ec432657f6eb7a8f1236a25a292b1eb9afc94adbf9dec908d61f83878295cf9b5c79447bdf92f1d4217db639624b9d21ab22da8bc666553350563f6

    • SSDEEP

      768:Yv0OD6qK8qZCkPfQxl+hbPw+161lArbQhFiwRGLBzeIkZI7ov+qpN7XU/QAw2nzm:NqK/QFiwPIkZI7oYVc

    Score
    3/10
    behavioral23

    • Target

      resource/Lang/042A.DAT

    • Size

      76KB

    • MD5

      7a93125a182b262b666af3f46ac9e002

    • SHA1

      a3dbdc1b8da66696fbbc1de6ad78d2d36b30fb73

    • SHA256

      ebcb25cf6c35e07c91ff4eb8e29506bb12874985840703f8f69feddf94c80bdd

    • SHA512

      189916167709feabce31570dcea9607e70fc330d835dd0cf31474339e82541c3dc63931ca551135039379be344dd6c6d46362e53fde05cb00f9d5bc5a6156ebe

    • SSDEEP

      768:n960BEL6KIKJqKVLHfbudYUn2E3EJwfl3eWhmXeQqhYpFisvbnKKMeL4fkpR5UsY:JEeKIKf/bud72liwn+fkpR5Ufh

    Score
    3/10
    behavioral24

    • Target

      resource/Lang/0804.DAT

    • Size

      56KB

    • MD5

      346451b6bb93b718dfcb7fc83c3335a3

    • SHA1

      fd905990effb761c087befb903670a03378f3f54

    • SHA256

      3a781feed0634615b0b1e6745ad95cf33e2bde43be30ebf753ce2c7cd31c6dbc

    • SHA512

      7106c460cba828e26ebcbe29346f359ec112e07dadaee0ae349e1782bd59d284e1c99dd628934b6138afb5b38b06cc9285115dfa29511226b0f7dd209c6c3733

    • SSDEEP

      768:1N8QEx697K/SpwbAYhhsBF5FH/joLEP3E7CxVT4enGaMilz1I+3ko/qLN4E8Wp1N:51KEzYEBwCEtinRu4E8Wp1NYlO

    Score
    3/10
    behavioral25

    • Target

      resource/Lang/0816.DAT

    • Size

      80KB

    • MD5

      b293dd97450d47b29e95d5487b96c7ea

    • SHA1

      7d74ce9206e4210131457f77f2ea7e0687e18470

    • SHA256

      622fdbc1b1489fa242cb18612540e1e9f4e8b3c8b615b5a9cfafcf9da058b142

    • SHA512

      f65e65973c937a3859daf70dd989487c518d043a93b71ea7de52fd3ca7fa9e02a75aa71341bececc35b29fb3d198f8d60c4faaecde3ad62b39b894fbdf7c346b

    • SSDEEP

      768:sGpWZ6xK3qCMvEUTCGjrEbNsCNUV/r0GynDFiIlWzkn5rcCMoPT0qP3kvLpnS2x8:XxKkTgiircCMoPn

    Score
    3/10
    behavioral26

    • Target

      resource/Lang/0C04.DAT

    • Size

      57KB

    • MD5

      62cbfa3a8872361324fa94bc30719f37

    • SHA1

      c66718cbfd09ccdf3322a12bfab60ade015964ca

    • SHA256

      77d9a7267e8e3ab39738434da9e3b2a07a43accbcd5026c818127c543cc800e5

    • SHA512

      e8b2810045b8d1d9e42bf669e77797df21c47cfa90776e7e7fb98256719e091d93e8a1eb432f0dd2e82162cf1221a4dcb91b0324729951a8f1adc48bde9f5dd0

    • SSDEEP

      768:sB6XxIffr6pRKHq+e45YN67OI/H4ckAXN5iG9Q+IlbVJnFiMdutFp4emb08WLYxd:PXDXKY4B71H+iMyFmb08WLY8RslZD1

    Score
    3/10
    behavioral27

    • Target

      resource/RedistList/Columm/bangJarfuls/bicronLoopier.xml

    • Size

      104KB

    • MD5

      5859c07707394fa84b5ccc947b971b43

    • SHA1

      c1580c89592bb3929113e8030347fc8a93505b8d

    • SHA256

      8b051b7ef0c25185d4a0d5df1b5524320dc21453d67a9de2664686f24ef556f6

    • SHA512

      0142e0f7ec43e867ddcf8f8161d24257f0577b42901e2b0bd445344fac6edf8d76fef7af380544d36dc7654724f96e28063c17aa33be0e46c95d9b9ce352cf49

    • SSDEEP

      3072:O/fgqtrWvjdt98GD/TidGOYnAstT98eAkVM59Npbayi6:Fci5tBDrrnAA98biM5RbG6

    Score
    1/10
    behavioral28

    • Target

      resource/RedistList/Columm/bangJarfuls/fullamWhealedParpend.xml

    • Size

      29KB

    • MD5

      4dc58dc1a0e1277371aee1577c668561

    • SHA1

      5ae0567719efc5ac718bad00e0e1333217e9fe10

    • SHA256

      e0c5e018488ed1d7c3f7e923b6da1b6b1160054a813cb19b88341cbcc6b02560

    • SHA512

      0f27a779d884cbd6291d3bb61c7e4798daaba50afae522625b744d51536757c69dcbbda24338645ad8a1ee4aaafc9ae8761bda0270896b0d270c1605263e8b6e

    • SSDEEP

      768:ZX9jiKFeK7iticaA4XbZhMLEcej3+9UzxV:ZN2GeOiwaQTG7ej3ecb

    Score
    1/10
    behavioral29

    • Target

      resource/RedistList/Columm/bangJarfuls/hamital.xml

    • Size

      4KB

    • MD5

      36560856e705cc3a990d60ef63106ef0

    • SHA1

      728581ff296d4775564e43595f5ddaedd917741d

    • SHA256

      2254765c5961e7fd1f0d85b71c3f713dd4fa9e2b3c2c961e67695431e4c774bf

    • SHA512

      50fef6035d74b1a980b52d68b171261f6374874ccfd34ad1f7772b05f8677401f8ca23fe808ac442581d15a877b5c6ff3687ac3d51ef78c2e2498def007be389

    • SSDEEP

      96:Xo4NtmAmzgI4mvjJnTgG5zFPZNsN7znXLLvMki:XTQAWgIH7BTgaz7NsFzMX

    Score
    1/10
    behavioral30

    • Target

      resource/RedistList/Columm/bangJarfuls/peptoneLaikHomely.xml

    • Size

      16KB

    • MD5

      35c3685cb1cbea448b6bb80d2f0cb980

    • SHA1

      1f53570fb30e6a7f34fccae715155e142a73994b

    • SHA256

      8f94b1ad86e9bd5e44fbaf6ca9f2ed45335f27b61362a1c7606fb12ed3e3d6b2

    • SHA512

      319251485f4f9bda856a97e8befd5c102b50007b4355db3984d165b649075722cba67b61cc8ce1377dd3a3681e7581c6c1fde66cfadda6139d0e4e68eb93f51e

    • SSDEEP

      192:BNWneAvIDF+KOUuV6yb0srdpIg+tM8sLxa7rGCZnaLsOZ15TXMa2Bj/dG2LmRXTe:BNWemWFzO/YK0sYg5LEHNKhCNdfYAF

    Score
    1/10
    behavioral31

    • Target

      resource/RedistList/Columm/bangJarfuls/spurreyGladsMorae.xml

    • Size

      16KB

    • MD5

      2a8993d1fbb2f830e2403e41933a3034

    • SHA1

      edd36d6e35cddb361797a0017fbb09fee61a30f3

    • SHA256

      869662697f87bedb7b7ed85e7ad014b75342ca4001710ea42042da39753d080f

    • SHA512

      3bfefe516f6682799b766369cef0ff85697725a9736ace63f67e3caa4f289cd94159a505b28b6e7066487c3cdb9193cbbfcbcff98a86d34216e11087c8b15c58

    • SSDEEP

      384:hi765v1dA+IlrtGQOuBFNHOxSoosVS5A51cgML+:g7avcPlKSixrosVn

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

5
T1112

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

26
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

themidaraccoon
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan
Score
10/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10