Overview

overview

10

Static

static

4

Installer.exe

windows7-x64

10

Installer.exe

windows10-2004-x64

10

packages/A...er.exe

windows7-x64

1

packages/A...er.exe

windows10-2004-x64

1

packages/P...te.url

windows7-x64

1

packages/P...te.url

windows10-2004-x64

1

packages/P...el.exe

windows7-x64

1

packages/P...el.exe

windows10-2004-x64

1

packages/P...64.exe

windows7-x64

1

packages/P...64.exe

windows10-2004-x64

1

packages/P...re.dll

windows7-x64

1

packages/P...re.dll

windows10-2004-x64

1

packages/P...i).dll

windows7-x64

3

packages/P...i).dll

windows10-2004-x64

3

packages/P...Ti.dll

windows7-x64

3

packages/P...Ti.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    126s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-09-2022 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installer.exe

  • Size

    726.0MB

  • MD5

    75445f1c9cd44d3148532ce1f02a78c3

  • SHA1

    383d5dbf5fc745cf1c3ca2bc360b55aa109ff2bb

  • SHA256

    6e3af05d0e36062681fd9b4fdb601e605b44e414689a9d61b96fbf25e439166d

  • SHA512

    910142788341d2e7b3158801214022efac1663f424fb87cf537179b2cb0e17303c688027f2f420c9096cf5ef77a19596244fa9de0edfbac65c48b0b481903960

  • SSDEEP

    98304:gGtTHVNvmnL54wqxllJ2CDJNG3Gc5Y1orJmhnZqDErjOCWHs34vtZLvCG:lH84wsJRDs21o99wWHs+DuG

Score
10/10
raccoon3efe9181f37a78f608e51162796a63f7stealer

Malware Config

Extracted

Family

raccoon

Botnet

3efe9181f37a78f608e51162796a63f7

C2

http://146.70.125.95/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/428-132-0x0000000000400000-0x0000000000D5D000-memory.dmp
    Filesize

    9.4MB

    Download
  • memory/428-134-0x0000000000400000-0x0000000000D5D000-memory.dmp
    Filesize

    9.4MB

    Download
  • memory/428-135-0x0000000000400000-0x0000000000D5D000-memory.dmp
    Filesize

    9.4MB

    Download
  • memory/428-136-0x0000000000400000-0x0000000000D5D000-memory.dmp
    Filesize

    9.4MB

    Download