Overview

overview

10

Static

static

08652b2112...16.exe

windows7_x64

10

08652b2112...16.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    160s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    11-05-2022 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe

  • Size

    1.6MB

  • MD5

    757e1e334fe85eee689578d50026342e

  • SHA1

    0bbb20de6c3fb428473d2c94bf4993695de77b54

  • SHA256

    08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16

  • SHA512

    3e4b19dbc28abebdc1d0a220ddbfe895e27c673a0b81d19f725fb13fad540bec4c3bbfa6541a6b84dd7771da4c94c110b71e704868ffd8aece0c799efa52258c

Score
10/10
raccoonb92a235bffa69e2c5cbe1e5e08c8f58c785cae24stealer

Malware Config

Extracted

Family

raccoon

Botnet

b92a235bffa69e2c5cbe1e5e08c8f58c785cae24

Attributes
  • url4cnc

    https://telete.in/jrubixred

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Raccoon Stealer Payload 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe
    "C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe
      "C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe"
      2⤵
        PID:1956
      • C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe
        "C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe"
        2⤵
          PID:4020
        • C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe
          "C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe"
          2⤵
            PID:1476
          • C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe
            "C:\Users\Admin\AppData\Local\Temp\08652b211275d1522371646b2934547200200f7e2d8983afc645011daab4ff16.exe"
            2⤵
              PID:1332

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1332-143-0x0000000000400000-0x0000000000493000-memory.dmp
            Filesize

            588KB

            Download
          • memory/1332-142-0x0000000000400000-0x0000000000493000-memory.dmp
            Filesize

            588KB

            Download
          • memory/1332-141-0x0000000000400000-0x0000000000493000-memory.dmp
            Filesize

            588KB

            Download
          • memory/1332-140-0x0000000000400000-0x0000000000493000-memory.dmp
            Filesize

            588KB

            Download
          • memory/1332-139-0x0000000000000000-mapping.dmp
            Download
          • memory/1476-138-0x0000000000000000-mapping.dmp
            Download
          • memory/1956-136-0x0000000000000000-mapping.dmp
            Download
          • memory/3468-130-0x00000000002B0000-0x00000000003F8000-memory.dmp
            Filesize

            1.3MB

            Download
          • memory/3468-135-0x00000000062D0000-0x00000000067FC000-memory.dmp
            Filesize

            5.2MB

            Download
          • memory/3468-134-0x0000000005030000-0x000000000503A000-memory.dmp
            Filesize

            40KB

            Download
          • memory/3468-133-0x0000000004F80000-0x000000000501C000-memory.dmp
            Filesize

            624KB

            Download
          • memory/3468-132-0x0000000004EE0000-0x0000000004F72000-memory.dmp
            Filesize

            584KB

            Download
          • memory/3468-131-0x0000000005490000-0x0000000005A34000-memory.dmp
            Filesize

            5.6MB

            Download
          • memory/4020-137-0x0000000000000000-mapping.dmp
            Download