Overview

overview

10

Static

static

389a9eefc4...21.exe

windows7_x64

10

389a9eefc4...21.exe

windows10_x64

10

Analysis

  • max time kernel
    134s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    15-11-2021 07:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    389a9eefc4f474dd860b86f036b99321.exe

  • Size

    500KB

  • MD5

    389a9eefc4f474dd860b86f036b99321

  • SHA1

    dedf3ba0a0a2349a7413c7c44509151c8e42ad44

  • SHA256

    dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1

  • SHA512

    f7e9c69e10925e95b145b6eb56925d22a3ec359f44880b6a0faaec0332e170af543033e695a689d636e01016b6836ec2da203c3ab0fc2d5d6bce662449e900dd

Score
10/10
raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes
  • url4cnc

    http://91.219.236.27/agrybirdsgamerept

    http://5.181.156.92/agrybirdsgamerept

    http://91.219.236.207/agrybirdsgamerept

    http://185.225.19.18/agrybirdsgamerept

    http://91.219.237.227/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

Processes

  • C:\Users\Admin\AppData\Local\Temp\389a9eefc4f474dd860b86f036b99321.exe
    "C:\Users\Admin\AppData\Local\Temp\389a9eefc4f474dd860b86f036b99321.exe"
    1⤵
      PID:1908

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1908-55-0x0000000074F01000-0x0000000074F03000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1908-57-0x0000000000300000-0x000000000038F000-memory.dmp
      Filesize

      572KB

      Download
    • memory/1908-56-0x00000000002B0000-0x00000000002FF000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1908-58-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download