Overview

overview

10

Static

static

8087e7532f...3a.exe

windows7_x64

10

8087e7532f...3a.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    16-11-2021 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8087e7532f6eb797de4b06949acd0d3a.exe

  • Size

    499KB

  • MD5

    8087e7532f6eb797de4b06949acd0d3a

  • SHA1

    a245c1693480608b1201ae1a45bf59ff3c484eb8

  • SHA256

    c94cb969f64eae727b1ad3b39d37216a64ec2361a8adcf3e55609b060d3e0cce

  • SHA512

    7ea806569b639e59af29bf64a25a0c5bb2d6366f8262e58aefaee8fbc39b2c5116b61436842d5890f902e1ef259d9f7d54af720f0501963f099e43ccd35fe09a

Score
10/10
raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes
  • url4cnc

    http://91.219.236.27/agrybirdsgamerept

    http://5.181.156.92/agrybirdsgamerept

    http://91.219.236.207/agrybirdsgamerept

    http://185.225.19.18/agrybirdsgamerept

    http://91.219.237.227/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

Processes

  • C:\Users\Admin\AppData\Local\Temp\8087e7532f6eb797de4b06949acd0d3a.exe
    "C:\Users\Admin\AppData\Local\Temp\8087e7532f6eb797de4b06949acd0d3a.exe"
    1⤵
      PID:3692

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3692-119-0x0000000002220000-0x00000000022AF000-memory.dmp
      Filesize

      572KB

      Download
    • memory/3692-118-0x0000000000600000-0x000000000064F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/3692-120-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download