General
Target: 149c52fc9f8e8eb35411eefa46eed4e1.exe
Size: 6.1MB
Sample: 240131-g1fy3sdbb6
MD5: 149c52fc9f8e8eb35411eefa46eed4e1
SHA1: f00cacd474f09bbd9ea2b11213635fa310920b3a
SHA256: 9f40425e1c2ffbf71fa43966c0e1b006fe40a9d6c02f03165a7008d982cb54d0
SHA512: 163c90383d264c10ea2fab6df36369b713a0f8a4775a94f5a905e1d3cc2b8c2ac051407a1ef7f3b3f41a7e808c39b539171d4b0f33ea49159822cf059365cfd6
SSDEEP: 24576:XUz+4cv3r+ys6rm4xEJ2DU4yHcEUVFmCDjanwtTI:X/zv3r+y3EgVyHVCDjOwi
Static task: static1
Behavioral task: behavioral1
  Sample: 149c52fc9f8e8eb35411eefa46eed4e1.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 149c52fc9f8e8eb35411eefa46eed4e1.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: raccoon
  51aff6e9402ba30682487f3dfa017fcf
  http://195.20.16.155:80
  user_agent: MrBidenNeverKnow
Targets
Target: 149c52fc9f8e8eb35411eefa46eed4e1.exe
Signatures:
- Raccoon Stealer V2 payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext