General

  • Target: setupsoftapp19.0.exe
  • Size: 263KB
  • Sample: 230127-t74pyacb59
  • MD5: 3011c7dd93d6688a69a90453b86490e3
  • SHA1: e3cfeff2fc04b9e56c5c5e9d1b58f5950c77cff4
  • SHA256: 6b53c80b5310841f6650a57f4c19a66feb461814c1b832173919bc9bfdcd2651
  • SHA512: 329f0daaab2d48f55b2a86567c941d0a9f1d8db593f63c427efacab448f692cb3b2b5b8556c35182eb4a7d54b76d7338c2f1a1e0a1d9a9c282d1e0e90e47ebd7
  • SSDEEP: 6144:AWM2eqdZEINj4QxcpwtuL5SGDL6cS/34Zl:/MqhiSc4GDW93

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 3f4a8564e5026a245d6974b020b3f6de
  • C2: http://45.15.156.225/
  • rc4.plain

Targets

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
