Analysis

  • max time kernel
    91s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30-01-2023 13:13

General

  • Target

    e7f78e22526692e61b0df20f2f6a7d22918d6b8ed0d8489db583a0e60952ff67.exe

  • Size

    6.2MB

  • MD5

    24085f579497e4adda77ea8e3101efe4

  • SHA1

    fe29633a73efe06ffed1954be236aa9e49e2a762

  • SHA256

    e7f78e22526692e61b0df20f2f6a7d22918d6b8ed0d8489db583a0e60952ff67

  • SHA512

    332a558c0264bfe9b09a630fa9d9637742df0933540defc933ec00a43556eaa74e1b3f996edacd95bf0b98bb905481144dc7815777126bfdfa5815e1a5bbe3bc

  • SSDEEP

    98304:2d+HKGRyh0wuVmd1USdtQ1TdEHSHBbmXLXKDSxWdyzxN0ARU6CjvpGbSrvLCoWwj:2UM8s+GoBbCXDxPxNaNGb6L31

Malware Config

Extracted

Family

raccoon

Botnet

5c28acbbf9d03405995950480f1c9638

C2

http://193.149.187.53/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7f78e22526692e61b0df20f2f6a7d22918d6b8ed0d8489db583a0e60952ff67.exe
    "C:\Users\Admin\AppData\Local\Temp\e7f78e22526692e61b0df20f2f6a7d22918d6b8ed0d8489db583a0e60952ff67.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2820

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2820-132-0x0000000000400000-0x0000000000DB9000-memory.dmp
    Filesize: 9.7MB

  • memory/2820-134-0x0000000000400000-0x0000000000DB9000-memory.dmp
    Filesize: 9.7MB

  • memory/2820-135-0x0000000000400000-0x0000000000DB9000-memory.dmp
    Filesize: 9.7MB