General
Target: RabbitCheecks.exe
Size: 61.9MB
Sample: 230716-hej92sde91
MD5: 89e6f4c3a4dcc1c9058503a4e7d12da8
SHA1: 10bfead0543c1dbb180c3d8008d937730e2b93a0
SHA256: d4524f9c529ffd945c789b8379116b8bb6227de2ffa045729f47a4131f3d5cfb
SHA512: bcc77ba4c2dd79faec3cf1ef73306cdcab539b44def8b8977090335a6544e0fe0dfb5dd176fa9597aaa761bc8d784c0408226f38a20326bd778088be114a8e00
SSDEEP: 1572864:nm63awNI6DvUbKHV3rPWeroWc3bMw3u1QiUW7:m63REKHVbPW9WYbr/W7
Static task: static1
Behavioral task: behavioral1
  Sample: RabbitCheecks.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: RabbitCheecks.exe
  Resource: win10-20230703-en
Malware Config
Targets
Target: RabbitCheecks.exe
- Detects EpsilonStealer ASAR
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.