Overview

overview

10

Static

static

SetupFile.exe

windows7-x64

1

SetupFile.exe

windows10-1703-x64

10

SetupFile.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    249s
  • max time network
    502s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/01/2023, 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupFile.exe

  • Size

    762.9MB

  • MD5

    6ee8aef895a4a94d745ad2d1464e316c

  • SHA1

    cf6ae8cb821267875a5b7224e13a1ea3b43d87bb

  • SHA256

    76f4b9e74057d1a8d59934479a69c601833f3e7151f70f576924a70228451c7c

  • SHA512

    97c7d9fa7e64f487d29704a57dd9bfe2f4478a709ddf5e1eae412148250f2755436a0104fc9ea76d6f6d7dd02fd2c7d19e4693cde35f98b7727a471142eb8b55

  • SSDEEP

    98304:tfE8eSY+aKtQGU+dbeIhDDL1l1eEdW+xy/UNRc9X6UI4lXq81rwQIaVMPauQPKCx:tfEhj+3U+x9Xl13W8ysNRc9r/pqUx

Score
10/10
raccoon4859a564051819b0e0da9c36d0cc3ca2stealer

Malware Config

Extracted

Family

raccoon

Botnet

4859a564051819b0e0da9c36d0cc3ca2

C2

http://94.142.138.3/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupFile.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupFile.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"
      2⤵
        PID:3352

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3352-133-0x0000000000400000-0x000000000041E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3352-137-0x0000000000400000-0x000000000041E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3352-138-0x0000000000400000-0x000000000041E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/5008-132-0x0000000000660000-0x000000000157E000-memory.dmp

      Filesize

      15.1MB

      Download

    • memory/5008-135-0x00007FFD77460000-0x00007FFD77F21000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/5008-139-0x00007FFD77460000-0x00007FFD77F21000-memory.dmp

      Filesize

      10.8MB

      Download