Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    10-05-2022 18:54

General

  • Target

    fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe

  • Size

    373KB

  • MD5

    7e4a9d30bf65de75262cb1bce111dfb7

  • SHA1

    5394765f6a6ce97d1450f18103291bb4eb164dc8

  • SHA256

    fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1

  • SHA512

    e5e132b10e546ed0a272c2bf27ca4517804c95e572415de7c6f4cbeeca346aa9f7127e8ed5fc1adfbe252f892c37cac9dabed6bafb968fa3918851bed86065fb

Malware Config

Extracted

Family

raccoon

Botnet

42069a99036f7acbe85c9bc67fe3207cd01fb3fc

Attributes
url4cnc
https://telete.in/jagressor_kz
rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload ⋅ 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
    "C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe"
    PID:948

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Replay Monitor

                          00:00 00:00

                          Downloads

                          • memory/948-130-0x0000000001119000-0x0000000001169000-memory.dmp
                          • memory/948-131-0x0000000001050000-0x00000000010E0000-memory.dmp
                          • memory/948-132-0x0000000000400000-0x0000000000FBA000-memory.dmp