Overview

overview

10

Static

static

e86f1cd73f...66.exe

windows7_x64

10

e86f1cd73f...66.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    13-03-2022 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e86f1cd73f0be7895872a04dcdfb7766.exe

  • Size

    518KB

  • MD5

    e86f1cd73f0be7895872a04dcdfb7766

  • SHA1

    3b2b9441b33ad62ffd0482fb7809751d3b9bad2a

  • SHA256

    e7add15b111b57233b6b738daa79d3be3369d2a8858618c2906b6ef1347dc2c3

  • SHA512

    8b80db7f3133be76feda9c0c05d4739018df74d763d15c8d910ebe77917fa6533bbef3c73a085219874a3d0f1c6de6260bb6bd3f0c514bf99dcfd6a2ed13baab

Score
10/10
raccoonccba3157b9f42051adf38fbb8f5d0aca7f2b7366stealersuricata

Malware Config

Extracted

Family

raccoon

Botnet

ccba3157b9f42051adf38fbb8f5d0aca7f2b7366

Attributes
  • url4cnc

    http://185.163.204.81/nui8xtgen

    http://194.180.191.33/nui8xtgen

    http://174.138.11.98/nui8xtgen

    http://194.180.191.44/nui8xtgen

    http://91.219.236.120/nui8xtgen

    https://t.me/nui8xtgen

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

    suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

    suricata
  • suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

    suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

    suricata
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e86f1cd73f0be7895872a04dcdfb7766.exe
    "C:\Users\Admin\AppData\Local\Temp\e86f1cd73f0be7895872a04dcdfb7766.exe"
    1⤵
      PID:1664
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 840
        2⤵
        • Program crash
        PID:3220
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1664 -ip 1664
      1⤵
        PID:816

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1664-130-0x00000000005E9000-0x0000000000639000-memory.dmp
        Filesize

        320KB

        Download
      • memory/1664-131-0x00000000005E9000-0x0000000000639000-memory.dmp
        Filesize

        320KB

        Download
      • memory/1664-132-0x00000000021F0000-0x0000000002282000-memory.dmp
        Filesize

        584KB

        Download
      • memory/1664-133-0x0000000000400000-0x00000000004B2000-memory.dmp
        Filesize

        712KB

        Download