Analysis
-
max time kernel
119s -
max time network
135s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
21-10-2021 22:01
General
-
Target
abea1dc63f9419bc504c6b38efc140dbd5da184da785cc128c45f39722d50744.exe
-
Size
513KB
-
MD5
94b576115c7f0fe5c3aed538b6258694
-
SHA1
d8e7fd08729ae71d477bb70bca2641dbb519799f
-
SHA256
abea1dc63f9419bc504c6b38efc140dbd5da184da785cc128c45f39722d50744
-
SHA512
a27afd390b8a9ce84d558037f05a3b73edc37657f5df63522e44c851d42f77aa373b52dfc9ceda2cc3a054ebf3cec2d8dda1da69d429d9d6f7f9d81c0e623d99
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
7ebf9b416b72a203df65383eec899dc689d2c3d7
Attributes
-
url4cnc
http://telegatt.top/agrybirdsgamerept
http://telegka.top/agrybirdsgamerept
http://telegin.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abea1dc63f9419bc504c6b38efc140dbd5da184da785cc128c45f39722d50744.exe"C:\Users\Admin\AppData\Local\Temp\abea1dc63f9419bc504c6b38efc140dbd5da184da785cc128c45f39722d50744.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 9842⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2804-115-0x0000000003280000-0x00000000032CE000-memory.dmpFilesize
312KB
-
memory/2804-116-0x0000000004BA0000-0x0000000004C2E000-memory.dmpFilesize
568KB
-
memory/2804-117-0x0000000000400000-0x0000000002F47000-memory.dmpFilesize
43.3MB