General
-
Target
Setup.exe
-
Size
465.5MB
-
Sample
231011-xqq93ahc28
-
MD5
ad0fa47472a35628dccde2ac28f21386
-
SHA1
cf086fb5dfd0862a05e140aef13fd0aa2f4ed9da
-
SHA256
cb12b26a8d450e3f20955430b9aff68f30bcb845065660fb51eee4cf42b92b00
-
SHA512
ae033d7be724cd712b24498c64f047b3e9ed1b8238522a090b3654fc393f8bbb9d350a1daea72084f13d47e7c0d4c16f38f03d0bdc453c66a9841a9947084f3b
-
SSDEEP
24576:0eWEQohpu0d6IfVOQqTdOEabxzJly+cktH/MQZP8LX5QTQ5z8SMg+yF3OGf8O9Cr:pHmdM8p5YL9JVD
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20230831-en
Malware Config
Extracted
raccoon
d4074b8c479181b90e810443a9405f3c
http://37.220.87.44/
http://94.131.3.70/
http://83.217.11.11/
http://83.217.11.13/
http://83.217.11.14/
-
user_agent
901785252112
Targets
-
-
Target
Setup.exe
-
Size
465.5MB
-
MD5
ad0fa47472a35628dccde2ac28f21386
-
SHA1
cf086fb5dfd0862a05e140aef13fd0aa2f4ed9da
-
SHA256
cb12b26a8d450e3f20955430b9aff68f30bcb845065660fb51eee4cf42b92b00
-
SHA512
ae033d7be724cd712b24498c64f047b3e9ed1b8238522a090b3654fc393f8bbb9d350a1daea72084f13d47e7c0d4c16f38f03d0bdc453c66a9841a9947084f3b
-
SSDEEP
24576:0eWEQohpu0d6IfVOQqTdOEabxzJly+cktH/MQZP8LX5QTQ5z8SMg+yF3OGf8O9Cr:pHmdM8p5YL9JVD
-
Raccoon Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-