Analysis
- max time kernel: 87s
- max time network: 81s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 23-12-2024 15:10
- Static task static1
- Behavioral task behavioral1: Sample Opensea Mint/Launcher.exe, Resource win7-20241010-en
- Behavioral task behavioral2: Sample Opensea Mint/Launcher.exe, Resource win10v2004-20241007-en
- Behavioral task behavioral3: Sample Opensea Mint/helper.bat, Resource win7-20241010-en
- Behavioral task behavioral4: Sample Opensea Mint/helper.bat, Resource win10v2004-20241007-en
- Behavioral task behavioral5: Sample Opensea Mint/install_modules.sh, Resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral6: Sample Opensea Mint/install_modules.sh, Resource debian9-armhf-20240418-en
- Behavioral task behavioral7: Sample Opensea Mint/install_modules.sh, Resource debian9-mipsbe-20240611-en
- Behavioral task behavioral8: Sample Opensea Mint/install_modules.sh, Resource debian9-mipsel-20240611-en
- Behavioral task behavioral9: Sample Opensea Mint/libraries.dll, Resource ubuntu1804-amd64-20240729-en
- Behavioral task behavioral10: Sample Opensea Mint/libraries.dll, Resource debian9-armhf-20240611-en
- Behavioral task behavioral11: Sample Opensea Mint/libraries.dll, Resource debian9-mipsbe-20240611-en
- Behavioral task behavioral12: Sample Opensea Mint/libraries.dll, Resource debian9-mipsel-20240729-en
General
- Target: Opensea Mint/Launcher.exe
- Size: 2.4MB
- MD5: 4cd71ee88eab1d1774584e560dd05a5e
- SHA1: e359c0e8fe530d3bca70a3eecaed20df051d0e75
- SHA256: 2318aab19d001baa674543b6fef1626ae23731f38ceaee3babcc643c9ae88a1f
- SHA512: 7e46d2dcc44dd5b65c6a2857d08fa1226b6df69c089261c894096343c0a868b2e0d6965e7d1ea5c69336c6846a2dfe56736912f497ae7640fbf264859aecf166
- SSDEEP: 49152:GN7fb+/XdfVsLbFBPDpwEITsHMBXQJw0wKW6XdvPOB:GZC/t9CAEITsHMKw0FWuvG
Malware Config
Extracted
- raccoon
- 7af9c6169887d79cc4d744abe122c9c2
- http://213.252.247.130/
- http://213.252.247.152/
- user_agent: mozzzzzzzzzzz
Signatures
- Raccoon Stealer V2 payload (10 IoCs)
  resource / yara_rule:
  - behavioral1/memory/2172-4-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-6-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-7-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-8-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-9-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-10-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-11-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-12-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-13-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
  - behavioral1/memory/2172-15-0x00000000011C0000-0x0000000001B54000-memory.dmp: family_raccoon_v2
- Raccoon family
- Suspicious use of NtSetInformationThreadHideFromDebugger (7 IoCs)
  pid / Process: 2172 Launcher.exe (all 7 entries)
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description / ioc / Process: Key opened / \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language / Launcher.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid / Process: 2172 Launcher.exe (all 64 entries)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid / Process: 2172 Launcher.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Opensea Mint\Launcher.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Opensea Mint\Launcher.exe"
  PID: 2172
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx