Analysis

Max time kernel: 116s
Max time network: 136s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 13-05-2022 19:10

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: new.exe
  Resource: win10v2004-20220414-en (windows10-2004_x64)
  0 signatures, 0 seconds
General

Target: new.exe
Size: 1.5MB
MD5: e7bf04dbcb6385e7c3f0562ed5f5a8fd
SHA1: 7c5e12163101d69be28403ae6402f11defcae0f2
SHA256: 075dc5ebf02bbcb7afbf473190e821e583779451f2328474b48c73e03070f914
SHA512: cbc6fdbefcd577944c773b118abd88ca7a2e6dd0c9a5f80b95a98e9b387bba578c4e30615ecaca8d8be4f530d988f679f7936ddd37addb6eb82caf4eaa5282c0
Malware Config (extracted)

Family: raccoon
Version: 1.7.3
Botnet: a5cce470ad0d57aff9fa94b5ee2c0c1fc2d802af
Attributes:
  url4cnc: https://tttttt.me/baudemars
  rc4.plain
Signatures

Raccoon Stealer Payload (2 IoCs)
  Processes:
    resource: behavioral1/memory/4900-132-0x0000000000840000-0x00000000008D1000-memory.dmp    yara_rule: family_raccoon
    resource: behavioral1/memory/4900-133-0x0000000000400000-0x0000000000593000-memory.dmp    yara_rule: family_raccoon

suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

Program crash (1 IoC)
  Processes:
    pid: 1220    pid_target: 4900    process: WerFault.exe    target process: new.exe
Processes (tree; children indented under their parent)

C:\Users\Admin\AppData\Local\Temp\new.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\new.exe"
    C:\Windows\SysWOW64\WerFault.exe  [Program crash]
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 1124
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4900 -ip 4900
Downloads (memory dumps)

memory/4900-130-0x0000000000400000-0x0000000000593000-memory.dmp    1.6MB
memory/4900-131-0x0000000000929000-0x0000000000979000-memory.dmp    320KB
memory/4900-132-0x0000000000840000-0x00000000008D1000-memory.dmp    580KB
memory/4900-133-0x0000000000400000-0x0000000000593000-memory.dmp    1.6MB
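The following is an added example of how an analyst would turn this report into something actionable; it is not part of the sandbox output and not code from the Raccoon sample. It copies the file hashes, the url4cnc value and the memory-dump names from the report above. Everything else is assumed: the proxy log format and its sample lines are constructed for the demo, the memory-dump name grammar is inferred from the four names listed under Downloads, and the hash matcher checks a file against the report's indicators rather than against any threat-intel feed. The dump parser also verifies that the region sizes implied by the hex bounds agree with the sizes the report shows (0x593000 - 0x400000 = 1.6MB, 0x8D1000 - 0x840000 = 580KB).

```python
"""Triage helpers built from the Raccoon report above (added example, not
part of the report).  Constants are copied from the report; the log format
and log lines are constructed for the demo."""
import hashlib
import re
from urllib.parse import urlsplit

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes of new.exe exactly as listed under "General".
REPORT_HASHES = {
    "md5": "e7bf04dbcb6385e7c3f0562ed5f5a8fd",
    "sha1": "7c5e12163101d69be28403ae6402f11defcae0f2",
    "sha256": "075dc5ebf02bbcb7afbf473190e821e583779451f2328474b48c73e03070f914",
    "sha512": "cbc6fdbefcd577944c773b118abd88ca7a2e6dd0c9a5f80b95a98e9b387bba578"
              "c4e30615ecaca8d8be4f530d988f679f7936ddd37addb6eb82caf4eaa5282c0",
}

# The url4cnc attribute from the extracted config.  Raccoon 1.7.x fetches this
# Telegram channel page to learn its real C2 address; that request is the
# "Telegram Mirror Checkin" the Suricata rule in the report is named after.
C2_LOOKUP_URL = "https://tttttt.me/baudemars"


def hashes_of_bytes(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 of an in-memory buffer, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hashes_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hashes_of_bytes but streamed, so large samples are not read whole."""
    hs = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def match_indicators(observed: dict, indicators: dict = REPORT_HASHES) -> set:
    """Names of the hash algorithms whose observed value equals the report's IoC.
    Comparison is case-insensitive so pasted upper-case hashes still match."""
    return {name for name, value in observed.items()
            if indicators.get(name) == value.lower()}


# Dump-name grammar inferred from the Downloads list (assumption):
#   [behavioral1/]memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?:behavioral1/)?memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name: str) -> dict:
    """Split a memory-dump name into pid, dump index, region bounds and byte size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    pid, idx = int(m[1]), int(m[2])
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "index": idx, "start": start, "end": end, "size": end - start}


def find_c2_lookups(log_lines, lookup_url: str = C2_LOOKUP_URL) -> list:
    """Flag proxy-log lines that request the url4cnc channel page.
    Constructed line format: '<ts> <src_ip> <method> <url> <status>'."""
    want = urlsplit(lookup_url)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than crash the sweep
        ts, src, _method, url, _status = parts[:5]
        u = urlsplit(url)
        if u.hostname == want.hostname and u.path.rstrip("/") == want.path.rstrip("/"):
            hits.append({"ts": ts, "src": src, "url": url})
    return hits


# Constructed sample proxy log (not taken from the report's network capture).
SAMPLE_LOG = [
    "2022-05-13T19:11:02Z 10.0.0.17 GET https://www.microsoft.com/ 200",
    "2022-05-13T19:11:05Z 10.0.0.17 GET https://tttttt.me/baudemars 200",
    "2022-05-13T19:11:06Z 10.0.0.22 GET https://t.me/somechannel 200",
]

if __name__ == "__main__":
    for d in ("memory/4900-132-0x0000000000840000-0x00000000008D1000-memory.dmp",
              "memory/4900-133-0x0000000000400000-0x0000000000593000-memory.dmp"):
        info = parse_dump_name(d)
        print(f"pid {info['pid']} dump {info['index']}: {info['size'] / 1024:.0f} KiB")
    print(find_c2_lookups(SAMPLE_LOG))
```

The URL match deliberately compares host and path rather than the whole string, so a trailing slash or a query string added by the client does not hide the check-in; a broader hunt would widen `lookup_url` to the mirror host alone, since Raccoon builds can be repointed at a different channel.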