Overview

overview

10

Static

static

9

a8bd61f636...17.exe

windows7_x64

10

a8bd61f636...17.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-05-2022 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe

  • Size

    720KB

  • MD5

    46fe30d98adbf89c395574c7db5f798e

  • SHA1

    91bb342409f7e90992945b80c48189a5a1c0a162

  • SHA256

    a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417

  • SHA512

    de61df6961728ffa138727ee2301083d2a4511fd96f0d425e3e9891d962af1923a6efd1fec153ec93388fadd7f547d8279436f6a935252760b419bfa4431e955

Score
10/10
raccoone5c7c06415dbd337f69c6c4ad51ec91ed9c82ab2stealer

Malware Config

Extracted

Family

raccoon

Botnet

e5c7c06415dbd337f69c6c4ad51ec91ed9c82ab2

Attributes
  • url4cnc

    https://telete.in/bgangster1

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Raccoon Stealer Payload 4 IoCs
  • CoreCCC Packer 1 IoCs

    Detects CoreCCC packer used to load .NET malware.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
    "C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
      "{path}"
      2⤵
        PID:4328
      • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
        "{path}"
        2⤵
          PID:1768
        • C:\Users\Admin\AppData\Local\Temp\a8bd61f636a4840af87c9733790271bcc120a43cd216da3f2e901bf5a9867417.exe
          "{path}"
          2⤵
            PID:3760

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1768-136-0x0000000000000000-mapping.dmp
          Download
        • memory/3760-137-0x0000000000000000-mapping.dmp
          Download
        • memory/3760-138-0x0000000000400000-0x0000000000490000-memory.dmp
          Filesize

          576KB

          Download
        • memory/3760-139-0x0000000000400000-0x0000000000490000-memory.dmp
          Filesize

          576KB

          Download
        • memory/3760-140-0x0000000000400000-0x0000000000490000-memory.dmp
          Filesize

          576KB

          Download
        • memory/3760-141-0x0000000000400000-0x0000000000490000-memory.dmp
          Filesize

          576KB

          Download
        • memory/4328-135-0x0000000000000000-mapping.dmp
          Download
        • memory/4580-130-0x0000000000510000-0x00000000005CA000-memory.dmp
          Filesize

          744KB

          Download
        • memory/4580-131-0x00000000055B0000-0x0000000005B54000-memory.dmp
          Filesize

          5.6MB

          Download
        • memory/4580-132-0x0000000005000000-0x0000000005092000-memory.dmp
          Filesize

          584KB

          Download
        • memory/4580-133-0x0000000004F80000-0x0000000004F8A000-memory.dmp
          Filesize

          40KB

          Download
        • memory/4580-134-0x00000000086F0000-0x000000000878C000-memory.dmp
          Filesize

          624KB

          Download