Overview

overview

10

Static

static

b9665d554c...0b.exe

windows7-x64

10

b9665d554c...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2022, 07:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b9665d554c54a4ca7bbe5f9a1557840b.exe

  • Size

    267KB

  • MD5

    b9665d554c54a4ca7bbe5f9a1557840b

  • SHA1

    ef9ba93415d447480510678b9e225521377ec356

  • SHA256

    25a2ad72aef6a19565b293099b3c2458c458f2f043aeaa9865a69ea447803d10

  • SHA512

    28b25dedbd695ddd6a28875357d9c6d3306e1e8ae2383db3eda20319eabb2cc2ff9afbe49e9680917a9644d511c11e485526e4f81ca6827dcbdb69741798661a

  • SSDEEP

    3072:CXNT4sZcH1E9TCqxMm5d9+1o9m98ZHEGyelb773foTb5xpJf/cVggjcGkNIVqIxs:CN4qCqv+1onmGlLQ/To7ITsqeOXO

Score
10/10
raccoonsmokeloader17aad1e8aa2ca5164d7690cff19263909333547b6d5c69ea798fd93c66d78435backdoorstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

9333547b6d5c69ea798fd93c66d78435

C2

http://45.15.156.27

rc4.plain

Extracted

Family

raccoon

Botnet

17aad1e8aa2ca5164d7690cff1926390

C2

http://45.15.156.27

rc4.plain

Signatures

  • Detects Smokeloader packer 1 IoCs
  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9665d554c54a4ca7bbe5f9a1557840b.exe
    "C:\Users\Admin\AppData\Local\Temp\b9665d554c54a4ca7bbe5f9a1557840b.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:396
  • C:\Users\Admin\AppData\Local\Temp\E7B0.exe
    C:\Users\Admin\AppData\Local\Temp\E7B0.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\E7B0.exe
      C:\Users\Admin\AppData\Local\Temp\E7B0.exe
      2⤵
      • Executes dropped EXE
      PID:3672
  • C:\Users\Admin\AppData\Local\Temp\F146.exe
    C:\Users\Admin\AppData\Local\Temp\F146.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\F146.exe
      C:\Users\Admin\AppData\Local\Temp\F146.exe
      2⤵
      • Executes dropped EXE
      PID:1472
    • C:\Users\Admin\AppData\Local\Temp\F146.exe
      C:\Users\Admin\AppData\Local\Temp\F146.exe
      2⤵
      • Executes dropped EXE
      PID:1660
    • C:\Users\Admin\AppData\Local\Temp\F146.exe
      C:\Users\Admin\AppData\Local\Temp\F146.exe
      2⤵
      • Executes dropped EXE
      PID:2816
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:2300
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:2808
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:3040
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:4332
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:1780
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4068
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:420
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:1952
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:2560

                    Network

                          MITRE ATT&CK Enterprise v6

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Temp\E7B0.exe
                            Filesize

                            1.7MB

                            MD5

                            59e6ae2daaac8abe9114332579cd538a

                            SHA1

                            0c86ba175f41b9edb80efef93661630359a0ea1f

                            SHA256

                            6f5b2414ba7a3da9de80b6dd8967a89d1b7fd16bd2b44974ce856b06db4f8375

                            SHA512

                            22ec2cd1cf84ba60e5ae8ff1cbbd8ed8a4182c107dad23550246f92b0f42748f6f4edefe47f7529d9e150bde89d3c057dc95a6e6435e55f50a0adf981b824d53

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\E7B0.exe
                            Filesize

                            1.7MB

                            MD5

                            59e6ae2daaac8abe9114332579cd538a

                            SHA1

                            0c86ba175f41b9edb80efef93661630359a0ea1f

                            SHA256

                            6f5b2414ba7a3da9de80b6dd8967a89d1b7fd16bd2b44974ce856b06db4f8375

                            SHA512

                            22ec2cd1cf84ba60e5ae8ff1cbbd8ed8a4182c107dad23550246f92b0f42748f6f4edefe47f7529d9e150bde89d3c057dc95a6e6435e55f50a0adf981b824d53

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\E7B0.exe
                            Filesize

                            1.7MB

                            MD5

                            59e6ae2daaac8abe9114332579cd538a

                            SHA1

                            0c86ba175f41b9edb80efef93661630359a0ea1f

                            SHA256

                            6f5b2414ba7a3da9de80b6dd8967a89d1b7fd16bd2b44974ce856b06db4f8375

                            SHA512

                            22ec2cd1cf84ba60e5ae8ff1cbbd8ed8a4182c107dad23550246f92b0f42748f6f4edefe47f7529d9e150bde89d3c057dc95a6e6435e55f50a0adf981b824d53

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\F146.exe
                            Filesize

                            1.7MB

                            MD5

                            072c7358e3063d7d496d20984dd4623e

                            SHA1

                            c284ecd404bca789b7e29db438c4bfa0a644395d

                            SHA256

                            6f11bd3b87909f711d2a11f329876c4a822ee2d4a73627deafa8d77016866f3f

                            SHA512

                            90b67db15654b3a77de76f242a3d95b44ff3bc5db41958cc78fa76a1e072df27e4a6390e03c4f7211d63ee82136a3a1bd1729a0b732cd119a372ae9f569404ba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\F146.exe
                            Filesize

                            1.7MB

                            MD5

                            072c7358e3063d7d496d20984dd4623e

                            SHA1

                            c284ecd404bca789b7e29db438c4bfa0a644395d

                            SHA256

                            6f11bd3b87909f711d2a11f329876c4a822ee2d4a73627deafa8d77016866f3f

                            SHA512

                            90b67db15654b3a77de76f242a3d95b44ff3bc5db41958cc78fa76a1e072df27e4a6390e03c4f7211d63ee82136a3a1bd1729a0b732cd119a372ae9f569404ba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\F146.exe
                            Filesize

                            1.7MB

                            MD5

                            072c7358e3063d7d496d20984dd4623e

                            SHA1

                            c284ecd404bca789b7e29db438c4bfa0a644395d

                            SHA256

                            6f11bd3b87909f711d2a11f329876c4a822ee2d4a73627deafa8d77016866f3f

                            SHA512

                            90b67db15654b3a77de76f242a3d95b44ff3bc5db41958cc78fa76a1e072df27e4a6390e03c4f7211d63ee82136a3a1bd1729a0b732cd119a372ae9f569404ba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\F146.exe
                            Filesize

                            1.7MB

                            MD5

                            072c7358e3063d7d496d20984dd4623e

                            SHA1

                            c284ecd404bca789b7e29db438c4bfa0a644395d

                            SHA256

                            6f11bd3b87909f711d2a11f329876c4a822ee2d4a73627deafa8d77016866f3f

                            SHA512

                            90b67db15654b3a77de76f242a3d95b44ff3bc5db41958cc78fa76a1e072df27e4a6390e03c4f7211d63ee82136a3a1bd1729a0b732cd119a372ae9f569404ba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\F146.exe
                            Filesize

                            1.7MB

                            MD5

                            072c7358e3063d7d496d20984dd4623e

                            SHA1

                            c284ecd404bca789b7e29db438c4bfa0a644395d

                            SHA256

                            6f11bd3b87909f711d2a11f329876c4a822ee2d4a73627deafa8d77016866f3f

                            SHA512

                            90b67db15654b3a77de76f242a3d95b44ff3bc5db41958cc78fa76a1e072df27e4a6390e03c4f7211d63ee82136a3a1bd1729a0b732cd119a372ae9f569404ba

                            Download Submit

                          • memory/396-136-0x0000000000400000-0x000000000048E000-memory.dmp

                            Filesize

                            568KB

                            Download

                          • memory/396-132-0x000000000069D000-0x00000000006AD000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/396-135-0x000000000069D000-0x00000000006AD000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/396-134-0x0000000000400000-0x000000000048E000-memory.dmp

                            Filesize

                            568KB

                            Download

                          • memory/396-133-0x00000000005E0000-0x00000000005E9000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/420-184-0x0000000000500000-0x0000000000506000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/420-185-0x00000000004F0000-0x00000000004FB000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/420-198-0x0000000000500000-0x0000000000506000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/1660-164-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/1660-168-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/1660-167-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/1780-196-0x00000000001B0000-0x00000000001D2000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/1780-178-0x00000000001B0000-0x00000000001D2000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/1780-179-0x0000000000180000-0x00000000001A7000-memory.dmp

                            Filesize

                            156KB

                            Download

                          • memory/1952-188-0x0000000000AC0000-0x0000000000ACD000-memory.dmp

                            Filesize

                            52KB

                            Download

                          • memory/1952-199-0x0000000000AD0000-0x0000000000AD7000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/1952-187-0x0000000000AD0000-0x0000000000AD7000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/1984-152-0x0000000005130000-0x00000000056D4000-memory.dmp

                            Filesize

                            5.6MB

                            Download

                          • memory/1984-154-0x0000000004BE0000-0x0000000004BEA000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/1984-153-0x0000000004C20000-0x0000000004CB2000-memory.dmp

                            Filesize

                            584KB

                            Download

                          • memory/1984-151-0x00000000001C0000-0x0000000000358000-memory.dmp

                            Filesize

                            1.6MB

                            Download

                          • memory/2300-192-0x0000000001020000-0x0000000001027000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/2300-157-0x0000000001010000-0x000000000101B000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/2300-156-0x0000000001020000-0x0000000001027000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/2544-140-0x0000000000260000-0x0000000000408000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/2544-141-0x00000000058D0000-0x00000000058F2000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/2560-190-0x0000000001020000-0x0000000001028000-memory.dmp

                            Filesize

                            32KB

                            Download

                          • memory/2560-200-0x0000000001020000-0x0000000001028000-memory.dmp

                            Filesize

                            32KB

                            Download

                          • memory/2560-191-0x0000000001010000-0x000000000101B000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/2808-193-0x0000000000F50000-0x0000000000F59000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/2808-170-0x0000000000F40000-0x0000000000F4F000-memory.dmp

                            Filesize

                            60KB

                            Download

                          • memory/2808-169-0x0000000000F50000-0x0000000000F59000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/3040-194-0x0000000000670000-0x0000000000675000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/3040-173-0x0000000000660000-0x0000000000669000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/3040-172-0x0000000000670000-0x0000000000675000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/3672-143-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/3672-146-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/3672-147-0x0000000000400000-0x0000000000414000-memory.dmp

                            Filesize

                            80KB

                            Download

                          • memory/4068-182-0x00000000008A0000-0x00000000008A9000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/4068-181-0x00000000008B0000-0x00000000008B5000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/4068-197-0x00000000008B0000-0x00000000008B5000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/4332-176-0x0000000000C80000-0x0000000000C8C000-memory.dmp

                            Filesize

                            48KB

                            Download

                          • memory/4332-195-0x0000000000C90000-0x0000000000C96000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/4332-175-0x0000000000C90000-0x0000000000C96000-memory.dmp

                            Filesize

                            24KB

                            Download