Overview

overview

10

Static

static

ee33f2ce83...81.exe

windows7_x64

10

ee33f2ce83...81.exe

windows10_x64

10

Analysis

  • max time kernel
    12s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    01-03-2021 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee33f2ce833cf19c08b614e209a76181.exe

  • Size

    478KB

  • MD5

    ee33f2ce833cf19c08b614e209a76181

  • SHA1

    ac3a9e34b89a2c209853e19d8400e3ea5ff5dbdd

  • SHA256

    094def68b3d08f93556bc544358eec1e6e63ae768fbff967a2f404cfe944e05b

  • SHA512

    4492927e51e8d84aea7a2461be643436a0a5b23f2cb87562142128b15fd2cab14812f46291f1a27d0b54a29e3b772ea11564bbed800c7f4313ed9e39dfdfd39c

Score
10/10
raccoona3a85b69314053c3bb015532d1a960a3d08baeb8stealer

Malware Config

Extracted

Family

raccoon

Botnet

a3a85b69314053c3bb015532d1a960a3d08baeb8

Attributes
  • url4cnc

    https://telete.in/baudemars

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee33f2ce833cf19c08b614e209a76181.exe
    "C:\Users\Admin\AppData\Local\Temp\ee33f2ce833cf19c08b614e209a76181.exe"
    1⤵
      PID:1032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 1140
        2⤵
        • Suspicious use of NtCreateProcessExOtherParentProcess
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2792

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1032-2-0x0000000003040000-0x0000000003041000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1032-3-0x0000000003040000-0x00000000030D2000-memory.dmp
      Filesize

      584KB

      Download
    • memory/1032-4-0x0000000000400000-0x0000000000494000-memory.dmp
      Filesize

      592KB

      Download
    • memory/2792-5-0x00000000042D0000-0x00000000042D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2792-6-0x00000000042D0000-0x00000000042D1000-memory.dmp
      Filesize

      4KB

      Download