Analysis
-
max time kernel
181s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
07-03-2022 18:59
General
-
Target
FiIe__Password_1234.exe
-
Size
4.5MB
-
MD5
106c93855dfd7c139ba6e75b429e85f4
-
SHA1
7fa79747197f6c11fea67df0ca4edd3d2350888c
-
SHA256
feee37a235fbf4cf5d898b2c0d136b9024adfe43e3f8e631bb48421357170d95
-
SHA512
419f91ba424650580a591c0a7b3da358b226fa9a7a2b852f33e943f8057f5820d065d1ccf258551d3ff3ca6f7d1867250bc121833c4b77433de8aa6ce3d475c5
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
231a2bef03530ea1eb31f9ad27af7d488aca1ee8
Attributes
-
url4cnc
http://85.159.212.113/sibiusio
http://185.163.204.81/sibiusio
http://194.180.191.33/sibiusio
http://174.138.11.98/sibiusio
http://194.180.191.44/sibiusio
http://91.219.236.120/sibiusio
https://t.me/sibiusio
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FiIe__Password_1234.exe"C:\Users\Admin\AppData\Local\Temp\FiIe__Password_1234.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1512-130-0x00000000007C0000-0x0000000001230000-memory.dmpFilesize
10.4MB
-
memory/2800-134-0x0000000000400000-0x0000000000493000-memory.dmpFilesize
588KB
-
memory/2800-140-0x0000000000400000-0x0000000000493000-memory.dmpFilesize
588KB