General

Target: 005297e7c0d555822b5a6f31fcdc7661.exe
Size: 12.4MB
Sample: 220805-nz6axacdc5
MD5: 005297e7c0d555822b5a6f31fcdc7661
SHA1: 9d5f9d90a1574c333ec68dbc800cb70397a1826d
SHA256: 6b8dac8326076b76369a8eb4e316a86a7663b597aeffe89b35e86c02aa5df4c0
SHA512: 0b274948a9a660483d8a64170c39aeee37a8a134fc926a1adc7d9884687cfd5ef9b8c32791ad74d81454778e6ace037454b012b769eeb8367d524fc7a51b663d
Static task: static1

Behavioral task: behavioral1
Sample: 005297e7c0d555822b5a6f31fcdc7661.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 005297e7c0d555822b5a6f31fcdc7661.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted: raccoon
517bb0d640c1242c3f069aab3d1018d6
URL: http://51.195.166.178/
Targets

Target: 005297e7c0d555822b5a6f31fcdc7661.exe
Size: 12.4MB
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger