General
- Target: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
- Size: 31.9MB
- Sample: 240131-f34x9aeabn
- MD5: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
- SHA1: 6375bc6c829d5b034a8c9b16e8a24ea58d88a02d
- SHA256: 7130f3050718b8dc5bcf760bf129dc68da5285d058d59d27ae3f2c667c7a8809
- SHA512: a8c132a01d64d3b8502657f987be2f535beb213b36b0a6d0e3aa713b21afca2f7e9c0ae8877e0cd6b886f09148fdc974c718128e949b03b6a379c47dd26ef9e0
- SSDEEP: 786432:FSIU2l8aiTYe63KgsXHYcTUYkaZQb0jI9E4+5kNaX1ku4:FLl8awO6gKYctkjYJD5D1p4

Static task: static1

Behavioral task: behavioral1
- Sample: 838ec5f6c016c8ab0dff3fd8a8ec3c0e.exe
- Resource: win7-20231215-en

Malware Config
Extracted: raccoon
- 4bef66f8138585a66c6d2f5396aaccdae864cd1e
- url4cnc: https://telete.in/jbitchsucks

Targets
- Target: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
- Size: 31.9MB
- MD5: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
- SHA1: 6375bc6c829d5b034a8c9b16e8a24ea58d88a02d
- SHA256: 7130f3050718b8dc5bcf760bf129dc68da5285d058d59d27ae3f2c667c7a8809
- SHA512: a8c132a01d64d3b8502657f987be2f535beb213b36b0a6d0e3aa713b21afca2f7e9c0ae8877e0cd6b886f09148fdc974c718128e949b03b6a379c47dd26ef9e0
- SSDEEP: 786432:FSIU2l8aiTYe63KgsXHYcTUYkaZQb0jI9E4+5kNaX1ku4:FLl8awO6gKYctkjYJD5D1p4

- Detect ZGRat V1
- Raccoon Stealer V1 payload
- Downloads MZ/PE file
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)