Analysis
Max time kernel: 13s
Max time network: 102s
Platform: windows10_x64
Resource: win10v20201028
Submitted: 24-02-2021 21:14
Static task: static1
Behavioral task: behavioral1 (sample E910.tmp.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample E910.tmp.exe, resource win10v20201028)
General
Target: E910.tmp.exe
Size: 463KB
MD5: a1080d84ad1bb335d068c44407b8e95a
SHA1: 78ec708c6dafcd9763d791d749c54b0b70d4881f
SHA256: 3b984a63a50b7944b756e98cb6623256be3b8d44485c920de3686045c11b2cc6
SHA512: cb5c216644878f83709250bdec13948b53b64f7db9bd56b1eb062c7806e62ebdfc778f91e1c6153a84aa6e37970cab7f007d8458d05dc06c8ba4a0ae9f49ec63
Malware Config
Extracted family: raccoon
Identifier (as extracted): 9ba64f4b6fe448911470a88f09d6e7d5b92ff0ab
url4cnc: https://telete.in/jagressor_kz
The url4cnc value is a Telegram channel page reached through the telete.in mirror. Raccoon fetches that page to learn its current C2 address rather than carrying the address in the binary, so the Telegram URL is the indicator to block or hunt for; the live C2 host is not part of this extracted config.
Signatures
Loads dropped DLL (1 IoC)
  Process: PID 4760, E910.tmp.exe
Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall under HKLM and HKCU) to enumerate software on the system.
MITRE ATT&CK Matrix ATT&CK v6
Downloads
Dropped file: \Users\Admin\AppData\LocalLow\sqlite3.dll
MD5: f964811b68f9f1487c2b41e1aef576ce
SHA1: b423959793f14b1416bc3b7051bed58a1034025f
SHA256: 83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7
SHA512: 565b1a7291c6fcb63205907fcd9e72fc2e11ca945afc4468c378edba882e2f314c2ac21a7263880ff7d4b84c2a1678024c1ac9971ac1c1de2bfa4248ec0f98c4
A sqlite3.dll written into the user profile by the sample is consistent with the "Loads dropped DLL" signature and with the browser-data access above: stealers use SQLite to read Chromium and Firefox credential, cookie and history databases. Check the file's hash against a known SQLite release before treating it as malicious; stealers commonly fetch a clean, legitimate SQLite build as a dependency, so the useful indicator is the write location, not the DLL itself.

Memory dumps (PID 4760):
memory/4760-2-0x0000000000E50000-0x0000000000E51000-memory.dmp (4KB)
memory/4760-3-0x0000000000C50000-0x0000000000CE2000-memory.dmp (584KB)
memory/4760-4-0x0000000000400000-0x0000000000494000-memory.dmp (592KB)
The region at 0x400000 is the sample's mapped image. The 584KB region at 0xC50000 is a separate allocation of almost the same size as the image; that is the dump to inspect first for an unpacked PE header and the strings that the packed on-disk sample hides.