Analysis

  • max time kernel
    189s
  • max time network
    195s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    10-05-2022 18:54

General

  • Target

    fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe

  • Size

    373KB

  • Sample

    220510-xj791afgd9

  • MD5

    7e4a9d30bf65de75262cb1bce111dfb7

  • SHA1

    5394765f6a6ce97d1450f18103291bb4eb164dc8

  • SHA256

    fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1

  • SHA512

    e5e132b10e546ed0a272c2bf27ca4517804c95e572415de7c6f4cbeeca346aa9f7127e8ed5fc1adfbe252f892c37cac9dabed6bafb968fa3918851bed86065fb

Malware Config

Extracted

  • Family
    raccoon
  • Botnet
    42069a99036f7acbe85c9bc67fe3207cd01fb3fc
  • Attributes
    url4cnc: https://telete.in/jagressor_kz
    rc4.plain
    rc4.plain
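As an added example (not part of the sandbox report or its tooling), the Python below turns the indicators on this page into a sweep: it hashes candidate files against the reported MD5/SHA-1/SHA-256 and scans proxy log lines for contact with the url4cnc host. The proxy log format and every log line are constructed for the example; host matching uses the parsed hostname rather than a substring so that look-alike domains such as `nottelete.in` do not match.

```python
"""IoC sweep built from the indicators in this report (file hashes and the
url4cnc Telegram URL). Added example, not part of the sandbox report; the
proxy log format and every log line below are constructed for illustration."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "7e4a9d30bf65de75262cb1bce111dfb7",
    "sha1": "5394765f6a6ce97d1450f18103291bb4eb164dc8",
    "sha256": "fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1",
}
URL4CNC = "https://telete.in/jagressor_kz"

# Constructed proxy log: "<timestamp> <client> <method> <target> <status>".
SAMPLE_PROXY_LOG = """\
2022-05-10T18:55:01Z 10.0.0.12 CONNECT telete.in:443 200
2022-05-10T18:55:02Z 10.0.0.12 GET https://telete.in/jagressor_kz 200
2022-05-10T18:55:03Z 10.0.0.13 GET https://nottelete.in/jagressor_kz 200
2022-05-10T18:55:04Z 10.0.0.14 GET https://telete.in/some_other_channel 200
"""


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a blob, computed in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes) -> bool:
    """True only when all three digests equal the reported ones."""
    return file_hashes(data) == REPORT_HASHES


def url4cnc_hits(log_text: str, url4cnc: str = URL4CNC) -> list:
    """Log lines whose target host equals the url4cnc host.

    The comparison is on the parsed hostname, not a substring, so
    'nottelete.in' is not a hit. 'exact' marks the full channel path."""
    want = urlsplit(url4cnc)
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip it rather than abort the sweep
        _ts, client, method, target, _status = fields
        if method == "CONNECT":  # TLS tunnel: target is host:port, no path
            host, path = target.rsplit(":", 1)[0], None
        else:
            parsed = urlsplit(target)
            host, path = parsed.hostname, parsed.path
        if host is None or host.lower() != want.hostname.lower():
            continue
        hits.append({"line": lineno, "client": client, "path": path,
                     "exact": path == want.path})
    return hits


if __name__ == "__main__":
    for hit in url4cnc_hits(SAMPLE_PROXY_LOG):
        print(hit)
    print("constructed blob matches report:", matches_report(b"not the sample"))
```

Any hit on the host is worth triage, since a CONNECT tunnel hides the path; only the line carrying the exact channel path ties the contact to this botnet's configuration.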

Signatures 2

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload ⋅ 2 IoCs

Processes 1

  • C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
    "C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe"
    PID:1940

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Downloads

  • memory/1940-54-0x00000000759F1000-0x00000000759F3000-memory.dmp
  • memory/1940-56-0x0000000000340000-0x00000000003D0000-memory.dmp
  • memory/1940-55-0x00000000010EB000-0x000000000113C000-memory.dmp
  • memory/1940-57-0x0000000000400000-0x0000000000FBA000-memory.dmp
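As an added example (not sandbox tooling), the Python below parses the four dump names above into address ranges, orders them by dump sequence, checks that none overlap, and flags the region at the default 32-bit PE image base as the likely main module. The name layout `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` is inferred from these entries and treated as an assumption, as is the 0x400000 image-base heuristic.

```python
"""Parse sandbox memory-dump names into address ranges.
Added example, not part of the report; the name layout
memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp is inferred from the
entries listed above and is an assumption."""
import re

DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Names copied from the Downloads list.
DUMP_NAMES = [
    "memory/1940-54-0x00000000759F1000-0x00000000759F3000-memory.dmp",
    "memory/1940-56-0x0000000000340000-0x00000000003D0000-memory.dmp",
    "memory/1940-55-0x00000000010EB000-0x000000000113C000-memory.dmp",
    "memory/1940-57-0x0000000000400000-0x0000000000FBA000-memory.dmp",
]

# Default ImageBase of a 32-bit PE. Used only as a heuristic (assumption)
# for which dump most likely holds the main module's image.
DEFAULT_IMAGE_BASE_32 = 0x400000


def parse_dump_name(name: str) -> dict:
    """Split one dump name into pid, sequence number and address range."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"name": name, "pid": int(pid), "seq": int(seq),
            "start": start, "end": end, "size": end - start}


def summarize(names) -> list:
    """Regions ordered by dump sequence number, with the likely image flagged."""
    regions = sorted((parse_dump_name(n) for n in names), key=lambda r: r["seq"])
    for r in regions:
        r["likely_image"] = r["start"] == DEFAULT_IMAGE_BASE_32
    return regions


def overlapping(regions) -> list:
    """Pairs of sequence numbers whose address ranges overlap (expect none)."""
    ordered = sorted(regions, key=lambda r: r["start"])
    return [(a["seq"], b["seq"]) for a, b in zip(ordered, ordered[1:])
            if b["start"] < a["end"]]


if __name__ == "__main__":
    regions = summarize(DUMP_NAMES)
    for r in regions:
        flag = "  <- likely main image" if r["likely_image"] else ""
        print(f"pid {r['pid']} seq {r['seq']:>3}  "
              f"0x{r['start']:08X}-0x{r['end']:08X}  {r['size']:>10,} bytes{flag}")
    print("overlaps:", overlapping(regions))
```

The region starting at 0x400000 spans roughly 12 MB against a 373 KB file on disk, so it is the dump to examine for an in-memory PE and the one to hand to a configuration extractor; the smaller regions are the usual heap and stack candidates.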