Overview

overview

10

Static

static

e86f1cd73f...66.exe

windows7_x64

10

e86f1cd73f...66.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294182s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    13-03-2022 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e86f1cd73f0be7895872a04dcdfb7766.exe

  • Size

    518KB

  • MD5

    e86f1cd73f0be7895872a04dcdfb7766

  • SHA1

    3b2b9441b33ad62ffd0482fb7809751d3b9bad2a

  • SHA256

    e7add15b111b57233b6b738daa79d3be3369d2a8858618c2906b6ef1347dc2c3

  • SHA512

    8b80db7f3133be76feda9c0c05d4739018df74d763d15c8d910ebe77917fa6533bbef3c73a085219874a3d0f1c6de6260bb6bd3f0c514bf99dcfd6a2ed13baab

Score
10/10
raccoonccba3157b9f42051adf38fbb8f5d0aca7f2b7366stealersuricata

Malware Config

Extracted

Family

raccoon

Botnet

ccba3157b9f42051adf38fbb8f5d0aca7f2b7366

Attributes
  • url4cnc

    http://185.163.204.81/nui8xtgen

    http://194.180.191.33/nui8xtgen

    http://174.138.11.98/nui8xtgen

    http://194.180.191.44/nui8xtgen

    http://91.219.236.120/nui8xtgen

    https://t.me/nui8xtgen

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

    suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

    suricata
  • suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

    suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

    suricata
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e86f1cd73f0be7895872a04dcdfb7766.exe
    "C:\Users\Admin\AppData\Local\Temp\e86f1cd73f0be7895872a04dcdfb7766.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 408
      2⤵
      • Program crash
      PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/856-54-0x00000000005EE000-0x000000000063E000-memory.dmp
    Filesize

    320KB

    Download
  • memory/856-56-0x00000000005EE000-0x000000000063E000-memory.dmp
    Filesize

    320KB

    Download
  • memory/856-55-0x0000000075CA1000-0x0000000075CA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/856-57-0x0000000000340000-0x00000000003D2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/856-58-0x0000000000400000-0x00000000004B2000-memory.dmp
    Filesize

    712KB

    Download