Analysis
-
max time kernel
87s -
max time network
128s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
03-12-2021 21:32
General
-
Target
6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132.exe
-
Size
570KB
-
MD5
4c8b66d361835c2d9ea8c230e90662dd
-
SHA1
3fae7d1577820b1fc0559510bad83c9d6c63323a
-
SHA256
6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132
-
SHA512
211b0518d29da64837d2f996f2cbb6befd8c93944a8a00d8a08675d0aec4369e447ffb7ff1d04deca77cc0e2c2c3c4f18d5e002deca998353f144aa8695d0147
Score
10/10
Malware Config
Extracted
Family
raccoon
Version
1.8.3-hotfix
Botnet
049dc5184bb65eb56e4e860bf61427e2a0fcba1e
Attributes
-
url4cnc
http://185.225.19.18/duglassa1
http://91.219.237.227/duglassa1
https://t.me/duglassa1
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132.exe"C:\Users\Admin\AppData\Local\Temp\6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 9002⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2452-119-0x00000000005F0000-0x000000000073A000-memory.dmpFilesize
1.3MB
-
memory/2452-120-0x0000000000400000-0x000000000050F000-memory.dmpFilesize
1.1MB