Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
02-11-2021 11:54
General
-
Target
48ceb3fa642b0031027ef4a94bff577f3635c05515f11e45c7cd3a1024620ed4.exe
-
Size
431KB
-
MD5
87a5cdf223fe370ee426a231548c7ebc
-
SHA1
03f5cb68f3d6787f71f9b73a9e31272130161dda
-
SHA256
48ceb3fa642b0031027ef4a94bff577f3635c05515f11e45c7cd3a1024620ed4
-
SHA512
12c9c4dc0b3da35cb026b27c93d18c1c0376d103a1be71bd47292dd0c80c492a0237e7cddf379ea2dd7e1cc47a3f0b88b2acd4db15377cf6d80ed6dd4d7402b5
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
68e2d75238f7c69859792d206401b6bde2b2515c
Attributes
-
url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\48ceb3fa642b0031027ef4a94bff577f3635c05515f11e45c7cd3a1024620ed4.exe"C:\Users\Admin\AppData\Local\Temp\48ceb3fa642b0031027ef4a94bff577f3635c05515f11e45c7cd3a1024620ed4.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 12202⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2756-116-0x0000000002220000-0x00000000022AE000-memory.dmpFilesize
568KB
-
memory/2756-115-0x0000000000500000-0x000000000064A000-memory.dmpFilesize
1.3MB
-
memory/2756-117-0x0000000000400000-0x0000000000491000-memory.dmpFilesize
580KB