Overview

overview

10

Static

static

c29a42ae9f...e5.exe

windows7_x64

10

c29a42ae9f...e5.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    14-07-2022 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c29a42ae9f3a44e8b7358e9b8fcd46e5.exe

  • Size

    6.9MB

  • MD5

    c29a42ae9f3a44e8b7358e9b8fcd46e5

  • SHA1

    cf15043518df3306562dee1fa5fb3eb4bb1a06e4

  • SHA256

    08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181

  • SHA512

    34ae6ec1618410f093940bf03312846110f51cfb0a33e5c2c6555b3710cef145b2a6936e3d4fb9d1b4651d1442b6667bf4d8f8dec058763d396f5913e8b1071c

Score
10/10
raccoon6f692affee3c8a5176ffa56f904dcc3estealer

Malware Config

Extracted

Family

raccoon

Botnet

6f692affee3c8a5176ffa56f904dcc3e

C2

http://51.195.166.175/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c29a42ae9f3a44e8b7358e9b8fcd46e5.exe
    "C:\Users\Admin\AppData\Local\Temp\c29a42ae9f3a44e8b7358e9b8fcd46e5.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4924-130-0x0000000000A60000-0x000000000152B000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4924-132-0x0000000000A60000-0x000000000152B000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4924-133-0x0000000000A60000-0x000000000152B000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4924-134-0x0000000000A60000-0x000000000152B000-memory.dmp

    Filesize

    10.8MB

    Download