raccoon | 373beddc7d46294e688c3afffc8d3448be47004cd681ded7016285a9b6a51f00

Analysis

max time kernel
78s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2023 19:02

Target

Expert-Soft_PC/File_PC-Set_Up.exe
Size

725.8MB
MD5

ff93bb54d5d45721a52ca873cffae67d
SHA1

b833df65dff772071c767c018b90b3e5431d4306
SHA256

b65709e0ae0fe77829dfdf86429fb6baf546bd88389c6061dc617781ed39681d
SHA512

d908f7c4010465d943975e0c626eddef6fdb4df852ad5222e8fa26441d95d6aaf024c8860b59353beea29ff701e9074b64def32f94c1b54e61eb661224cb65c8
SSDEEP

98304:KBGecVKgLiJiSt0m6zmMZDpV5VyDG2oy69aQ0OF9yFKdOu7d2WBS12tpPnzngAP:KkdiJi/mWmMxve+aUIMdOoVPvzngS

Score

10^/10

Family

raccoon

Botnet

8c3e4aa007fb2f2defacc1f952806f72

http://85.192.63.161/

http://170.75.160.9/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

File_PC-Set_Up.exe

pid process

3600 File_PC-Set_Up.exe
3600 File_PC-Set_Up.exe

pid	process
3600	File_PC-Set_Up.exe
3600	File_PC-Set_Up.exe

C:\Users\Admin\AppData\Local\Temp\Expert-Soft_PC\File_PC-Set_Up.exe
"C:\Users\Admin\AppData\Local\Temp\Expert-Soft_PC\File_PC-Set_Up.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3600

memory/3600-132-0x0000000000400000-0x0000000000D19000-memory.dmp

Filesize
9.1MB

Download
memory/3600-134-0x0000000000400000-0x0000000000D19000-memory.dmp

Filesize
9.1MB

Download
memory/3600-135-0x0000000000400000-0x0000000000D19000-memory.dmp

Filesize
9.1MB

Download
memory/3600-136-0x0000000000400000-0x0000000000D19000-memory.dmp

Filesize
9.1MB

Download