General
- Target: SIackSetupWiniso.iso
- Size: 7.3MB
- Sample: 230701-h6r4zaha6x
- MD5: 05d8e1398832c2dbac7df6f687a0ca2b
- SHA1: 27ed48967dd5cf89fe5527a677f5763e00a46d85
- SHA256: 2cb5e093f5a3f66eb869547917b426a614d43fcde752f46de192a8f2f9602671
- SHA512: 3b4d33e7467961e7c000a7792655ba2a290e7c0e130116609961a2a453483ed6ad1d5dc0082659a35f65d5f2576db408847d6b0b3eb4bc38ce41d72a4d19bab2
- SSDEEP: 98304:VQG23fmewHtW7ZgPsy8WtNyDqmNiRMkJlSqxegWtIoZv082OQvG5N8pbso2x+x:CaQy86+iRM8EIegG/ZvhWrgj6
Behavioral task
- behavioral1
- Sample: setup.exe
- Resource: win7-20230621-en

Malware Config
- Extracted: raccoon
- 417f00e313b534b6267434933616178b
- http://193.149.185.171
- http://193.149.180.60
- http://193.149.187.34
Targets
- Target: setup.exe
- Size: 6.7MB
- MD5: 7fdff809af7d3b25c76709165a78a89e
- SHA1: 6a62910a88111aad6a22924a8e1d1a35626f6bee
- SHA256: e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca
- SHA512: 925fbf207a628989230ccbdb16e41eb8a54c9df801e05f4a3ee71d8f66557e97fdef7453b89f50f73d8ef812edb7ff43178a367a4f1f67b901ef1972cb35f950
- SSDEEP: 98304:yQG23fmewHtW7ZgPsy8WtNyDqmNiRMkJlSqxegWtIoZv082OQvG5N8pbso2x+x:jaQy86+iRM8EIegG/ZvhWrgj6
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext