Resubmissions

  • 27-02-2020 14:31
    200227-bkpn15vpg2 (score 10)
  • 21-02-2020 16:28
    200221-rpakr52wfa (score 10)
  • 20-02-2020 19:36
    200220-tp5ealxpvx (score 10)

Analysis

  • max time kernel
    110s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    27-02-2020 14:31

General

  • Target

    1157719080.EXE

  • Size

    878KB

  • MD5

    7e70e99390a74ad36bfd7b82f8f6df7e

  • SHA1

    404d5850b8967259d778c796a0720abe35018d98

  • SHA256

    09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222

  • SHA512

    c31f71dae0624f30ff1f23640168a769dfb14ff7f8cabf01aa0a3ae4465b1e56f67a12c9bf84b39bb24897ea25ad4144253be2f50ffb640a008e1fcfbaf48226

Score
10/10

Malware Config

Extracted

Family

raccoon

Botnet

3dbd762906e1b32ddcb1ca61554f89c2f5686d2c

C2

http://34.90.199.36/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1-sIY2_CjYF5N7Cc4kIq7R17orSgXQ5Y6

  • rc4.plain
  • rc4.plain

Signatures

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Raccoon

    Simple but powerful infostealer that was very active in 2019.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1157719080.EXE
    "C:\Users\Admin\AppData\Local\Temp\1157719080.EXE"
    PID: 3840
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    • C:\Users\Admin\AppData\Local\Temp\1157719080.EXE (child process)
      "C:\Users\Admin\AppData\Local\Temp\1157719080.EXE"
      PID: 3864

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3864-0-0x0000000000400000-0x0000000000489000-memory.dmp
    Filesize: 548KB
  • memory/3864-1-0x0000000000400000-0x0000000000489000-memory.dmp
    Filesize: 548KB