Analysis

  • max time kernel
    140s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 01:53

General

  • Target

    c3f193f4b5edbc7085aa15c97a4bb2e5eb65fa149198f981efbdb0df73a84e3f.exe

  • Size

    494KB

  • MD5

    3ca3f57ff7605cd9e91f07f8ad0f1f15

  • SHA1

    8cb6e34631bdc5b9e8a8c21ec82d10ef180a6549

  • SHA256

    c3f193f4b5edbc7085aa15c97a4bb2e5eb65fa149198f981efbdb0df73a84e3f

  • SHA512

    1c90e6ebbfbd89dc74c0248510caf72e3795a881a835f881ef2906fc7dd7223e79dac6dc900c4b98d93d9cb53681c2a8c360e6465dd4ac38c8bdabdbef7ddba0

Malware Config

Extracted

Family

raccoon

Botnet

42069a99036f7acbe85c9bc67fe3207cd01fb3fc

Attributes

  • url4cnc

    https://telete.in/jagressor_kz

  • rc4.plain

  • rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3f193f4b5edbc7085aa15c97a4bb2e5eb65fa149198f981efbdb0df73a84e3f.exe

    "C:\Users\Admin\AppData\Local\Temp\c3f193f4b5edbc7085aa15c97a4bb2e5eb65fa149198f981efbdb0df73a84e3f.exe"

    PID: 1652

Downloads

  • memory/1652-54-0x00000000002C9000-0x0000000000319000-memory.dmp

    Filesize: 320KB

  • memory/1652-55-0x0000000076461000-0x0000000076463000-memory.dmp

    Filesize: 8KB

  • memory/1652-56-0x00000000002C9000-0x0000000000319000-memory.dmp

    Filesize: 320KB

  • memory/1652-57-0x0000000000CD0000-0x0000000000D60000-memory.dmp

    Filesize: 576KB

  • memory/1652-58-0x0000000000400000-0x0000000000C57000-memory.dmp

    Filesize: 8MB