Overview

overview

10

Static

static

0879a1d945...9d.exe

windows7_x64

10

0879a1d945...9d.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    186s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    11-05-2022 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe

  • Size

    516KB

  • MD5

    a77b9e35defc578f734e2d95f96e2a31

  • SHA1

    f33bcfb0ee9d064b2f5bc55f3a0de16391af3aaa

  • SHA256

    0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d

  • SHA512

    c456633dd2295f607e56570ce9ca7e424ba0273aa4c42589220eac2f77b603f74dc6184e638d2598bc0c384a140467c93222e9d8ee29b6b56369dced2a8d9e0a

Score
10/10
raccoon87602aad8b4abffeb6a1ca955b58feb09879eb88stealer

Malware Config

Extracted

Family

raccoon

Botnet

87602aad8b4abffeb6a1ca955b58feb09879eb88

Attributes
  • url4cnc

    https://telete.in/jhummybear11

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Raccoon Stealer Payload 4 IoCs
  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe
    "C:\Users\Admin\AppData\Local\Temp\0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Users\Admin\AppData\Local\Temp\0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe
      "C:\Users\Admin\AppData\Local\Temp\0879a1d94561690c9ce842aa49183083e72304edaf2e54650f00f262e719429d.exe"
      2⤵
        PID:508

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/372-130-0x0000000000860000-0x00000000008E6000-memory.dmp
      Filesize

      536KB

      Download
    • memory/372-131-0x0000000005910000-0x0000000005EB4000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/372-132-0x0000000005360000-0x00000000053F2000-memory.dmp
      Filesize

      584KB

      Download
    • memory/372-133-0x0000000005860000-0x00000000058FC000-memory.dmp
      Filesize

      624KB

      Download
    • memory/372-139-0x0000000006420000-0x000000000642A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/508-134-0x0000000000000000-mapping.dmp
      Download
    • memory/508-135-0x0000000000400000-0x0000000000493000-memory.dmp
      Filesize

      588KB

      Download
    • memory/508-136-0x0000000000400000-0x0000000000493000-memory.dmp
      Filesize

      588KB

      Download
    • memory/508-137-0x0000000000400000-0x0000000000493000-memory.dmp
      Filesize

      588KB

      Download
    • memory/508-138-0x0000000000400000-0x0000000000493000-memory.dmp
      Filesize

      588KB

      Download