General
-
Target
NEAS.29e0fe854ed89d25625e9e7869341100.exe
-
Size
1.4MB
-
Sample
231026-gs66ased7w
-
MD5
29e0fe854ed89d25625e9e7869341100
-
SHA1
e45eb5271a2df56a2c84e6a485b2b2fb554a8a7b
-
SHA256
a2c4f2145cc4a422a010f0b98ee516e7c3aa0d1020bec2a6c3c541dc3e937c4b
-
SHA512
d1e0920cb5a5147344a44c1613cf4849f945e4f65d2ba06d469b3f6522686e50ec5154b343f6fd3edec90d5de96fc3bd53a3be381dc1715be9863bd3dcb4514a
-
SSDEEP
24576:Z4VIxoeb7o4U+3CPFwFo6in10IB3vjmbhfhg1z:Z4VIxoeQOSWFdin2IVvjm/yz
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.29e0fe854ed89d25625e9e7869341100.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.29e0fe854ed89d25625e9e7869341100.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
raccoon
5ff7bc68b712d0b2c95bc2d831e79eaf
http://45.15.156.141:80
-
user_agent
SunShineMoonLight
Targets
-
-
Target
NEAS.29e0fe854ed89d25625e9e7869341100.exe
-
Raccoon Stealer payload
-
Downloads MZ/PE file
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-