blister | fc10619c7cb6b5de6ba8f58fd3ff889045ef77ea4cde4de7c5f313dbef1a7bc3 | Triage

Submit
Reports

Overview

overview

Static

static

af175128a8...bd.exe

windows7-x64

af175128a8...bd.exe

windows10-2004-x64

$TEMP/lib_...ef.dll

windows7-x64

$TEMP/lib_...ef.dll

windows10-2004-x64

Sharing

General

Target

af175128a823db1274fc244d8f5a46bd
Size

16.6MB
Sample

240229-wa7fnsga3s
MD5

af175128a823db1274fc244d8f5a46bd
SHA1

9d67400fb5818a6c573c36eac8650458d7f1d07e
SHA256

fc10619c7cb6b5de6ba8f58fd3ff889045ef77ea4cde4de7c5f313dbef1a7bc3
SHA512

2fbd782242a4e57c2563cf4eb46d0bfca337839f126b93eca96a8c9a06377034336770c368da0c703ed2d7907f49d75b722dc688c461de1000e46c32368fe19f
SSDEEP

393216:7Q4l1FoGr1o4X3LKq/LnF+aOeuKAxt9zpaz3y6Jqx5mDsLOVEi:7Q4l1Fo455LnVupJpa2ADsKVT

Score

10^/10

blister raccoon 6f477b98912ea3958a37585999397f4fbda5dc46 loader stealer vmprotect

Static task

static1

loader vmprotect blister

5 signatures

Behavioral task

behavioral1

Sample

af175128a823db1274fc244d8f5a46bd.exe

Resource

win7-20240221-en

blister raccoon 6f477b98912ea3958a37585999397f4fbda5dc46 loader stealer vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

af175128a823db1274fc244d8f5a46bd.exe

Resource

win10v2004-20240226-en

blister raccoon 6f477b98912ea3958a37585999397f4fbda5dc46 loader stealer vmprotect

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral3

Sample

$TEMP/lib_npp/libcef.dll

Resource

win7-20240221-en

blister loader vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

$TEMP/lib_npp/libcef.dll

Resource

win10v2004-20240226-en

blister loader vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

6f477b98912ea3958a37585999397f4fbda5dc46

Attributes

url4cnc
https://telete.in/chelmedvedosvin1

rc4.plain

rc4.plain

Targets

- Target
  
  af175128a823db1274fc244d8f5a46bd
- Size
  
  16.6MB
- MD5
  
  af175128a823db1274fc244d8f5a46bd
- SHA1
  
  9d67400fb5818a6c573c36eac8650458d7f1d07e
- SHA256
  
  fc10619c7cb6b5de6ba8f58fd3ff889045ef77ea4cde4de7c5f313dbef1a7bc3
- SHA512
  
  2fbd782242a4e57c2563cf4eb46d0bfca337839f126b93eca96a8c9a06377034336770c368da0c703ed2d7907f49d75b722dc688c461de1000e46c32368fe19f
- SSDEEP
  
  393216:7Q4l1FoGr1o4X3LKq/LnF+aOeuKAxt9zpaz3y6Jqx5mDsLOVEi:7Q4l1Fo455LnVupJpa2ADsKVT
Score

10^/10

blister raccoon 6f477b98912ea3958a37585999397f4fbda5dc46 loader stealer vmprotect
- BLISTER
  BLISTER is a downloader used to deliver other malware families.
  loader blister
- Detect Blister loader x32
  loader
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $TEMP/lib_npp/libcef.dll
- Size
  
  29.8MB
- MD5
  
  0e8f94415c1e7694cb6b88bbf17f9339
- SHA1
  
  df8be7a1694144e1613300c9e60da321b49fdd79
- SHA256
  
  c1e6d8d159d05d34b6d97ff8629c0a266dd7b7c0665f19a5defc33aaa307f5e2
- SHA512
  
  9f09399507b41c50a9838c1a26debcc3a405cc8c2191bbb7ef6d8b52ce443e532ae90ddd03a1f6a0eb50b2e8cd6b42a542872e8d717353692f0ecd82fef1b7ff
- SSDEEP
  
  786432:u7GbWhs7Bcgr7wOw/2jt+KOY5rr4/ITehQ57c/RO2Tp7XvQT5:NbWhs7Bcgr7wtKt+KOY5rr4/ITeyc/RK
Score

10^/10

blister loader vmprotect
- BLISTER
  BLISTER is a downloader used to deliver other malware families.
  loader blister
- Detect Blister loader x32
  loader
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

loadervmprotectblister

behavioral1

blisterraccoon6f477b98912ea3958a37585999397f4fbda5dc46loaderstealervmprotect

behavioral2

blisterraccoon6f477b98912ea3958a37585999397f4fbda5dc46loaderstealervmprotect

behavioral3

blisterloadervmprotect

behavioral4

blisterloadervmprotect

© 2018-2024

Terms | Privacy