Overview

overview

10

Static

static

9

a8bd61f636...17.exe

windows7_x64

10

a8bd61f636...17.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe

  • Size

    720KB

  • MD5

    46fe30d98adbf89c395574c7db5f798e

  • SHA1

    91bb342409f7e90992945b80c48189a5a1c0a162

  • SHA256

    a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417

  • SHA512

    de61df6961728ffa138727ee2301083d2a4511fd96f0d425e3e9891d962af1923a6efd1fec153ec93388fadd7f547d8279436f6a935252760b419bfa4431e955

Score
10/10
raccoone5c7c06415dbd337f69c6c4ad51ec91ed9c82ab2coreentityrezer0stealer

Malware Config

Extracted

Family

raccoon

Botnet

e5c7c06415dbd337f69c6c4ad51ec91ed9c82ab2

Attributes
  • url4cnc

    https://telete.in/bgangster1

rc4.plain
rc4.plain

Signatures

  • CoreEntity .NET Packer 1 IoCs

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity
  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Raccoon Stealer Payload 6 IoCs
  • CoreCCC Packer 1 IoCs

    Detects CoreCCC packer used to load .NET malware.

  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
    "C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
      "{path}"
      2⤵
        PID:1920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1180-54-0x0000000000270000-0x000000000032A000-memory.dmp
      Filesize

      744KB

      Download
    • memory/1180-55-0x0000000076C81000-0x0000000076C83000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1180-56-0x0000000001D70000-0x0000000001D78000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1180-57-0x0000000005B50000-0x0000000005BEA000-memory.dmp
      Filesize

      616KB

      Download
    • memory/1920-58-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-59-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-61-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-63-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-65-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-67-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-68-0x000000000043F5F5-mapping.dmp
      Download
    • memory/1920-71-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download
    • memory/1920-72-0x0000000000400000-0x0000000000490000-memory.dmp
      Filesize

      576KB

      Download