Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Fxhdglrvft_JC.exe
-
Size
816KB
-
Sample
230901-tm77magb82
-
MD5
0d4d3fd81be90e306cfbbd19410b4134
-
SHA1
4c095ad2ac52fe9d4c74faa5b2e2e1c745d97d2e
-
SHA256
f588278291a1b869c7e0e713ed198607c393600515acfd60137e29bfdbfd4e9b
-
SHA512
ff8be8dabdd2ca5e07c65a6deb14ca96e5c44cf35977f221f58be91855d3e230c84b6dcec2dd5751eead0e4b05d08f9c8a7f42915591139d650c713dc5a34b4d
-
SSDEEP
12288:/jaydQ/TxFdbV+wonPGWRVc1gYnFaKVzJ3wSR8n5XhdPPMw:/uydCdbkRVc1gYnF/JJ4XDXM
Static task
static1
Behavioral task
behavioral1
Sample
Fxhdglrvft_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Fxhdglrvft_JC.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
raccoon
7f44ae0b7f2c0c657163637ea9cf5563
http://194.213.18.158:80
http://144.217.220.122:80
Targets
-
-
Target
Fxhdglrvft_JC.exe
-
Size
816KB
-
MD5
0d4d3fd81be90e306cfbbd19410b4134
-
SHA1
4c095ad2ac52fe9d4c74faa5b2e2e1c745d97d2e
-
SHA256
f588278291a1b869c7e0e713ed198607c393600515acfd60137e29bfdbfd4e9b
-
SHA512
ff8be8dabdd2ca5e07c65a6deb14ca96e5c44cf35977f221f58be91855d3e230c84b6dcec2dd5751eead0e4b05d08f9c8a7f42915591139d650c713dc5a34b4d
-
SSDEEP
12288:/jaydQ/TxFdbV+wonPGWRVc1gYnFaKVzJ3wSR8n5XhdPPMw:/uydCdbkRVc1gYnF/JJ4XDXM
-
Raccoon Stealer payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-