Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-01-2023 01:00

General

  • Target

    859e1182c2ff316f92ec990c18fff2a0.unk.exe

  • Size

    6.9MB

  • MD5

    859e1182c2ff316f92ec990c18fff2a0

  • SHA1

    ee2b75886ec48732c0d73827f82753bd8784b836

  • SHA256

    dd4cedc22c0a03d06a02e0fa290c8d9243e5a369a686f825036f54a5e02a4b9f

  • SHA512

    76b9af5f976c3612e3c4fd957802b2d1825259e517a96f09f67fc4a27a95b0421d82aab8aefd9b738c45259c11957e407f5145a105eb4a2db37eeae81760b9c5

  • SSDEEP

    98304:CBfVeDFUe8WF63GOJ+ulYitOtMfNS6Z+kPqClDHuR9l7dVNESiKBr:MQDqe8j2OHeMjPllDOnDiKBr

Malware Config

Extracted

Family

raccoon

Botnet

febdbfd13097e2af1fd5f65e42403621

C2

http://193.43.147.132

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer payload 5 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
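The two behavioural signatures above can be reproduced from an API-call trace. The following is an added example written for this page, not code from the sandbox or from the Raccoon sample: it runs a small matcher over a constructed trace for PID 3348 and a second, benign PID. The one-call-per-line trace layout is an assumption made for the example; the constants are real Windows values (THREADINFOCLASS 17 is ThreadHideFromDebugger, TH32CS_SNAPPROCESS is 0x2).

```python
import re
from collections import defaultdict

# Added example, not part of the sandbox report. Reproduces the two behavioural
# signatures the report raised for PID 3348 over a constructed API-call trace.
# The trace layout ("<pid> <api> key=value ...") is an assumption for this
# example; real sandboxes use their own schema.

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS 17: ThreadHideFromDebugger
TH32CS_SNAPPROCESS = 0x2           # CreateToolhelp32Snapshot: include the process list

# Constructed trace: PID 3348 hides its thread from the debugger twice and walks the
# process list; PID 4120 only sets a thread priority and snapshots modules.
SAMPLE_TRACE = """\
3348 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11 ThreadInformation=0x0 ThreadInformationLength=0x0
3348 CreateToolhelp32Snapshot dwFlags=0x2 th32ProcessID=0x0
3348 Process32FirstW hSnapshot=0x1f4
3348 Process32NextW hSnapshot=0x1f4
3348 Process32NextW hSnapshot=0x1f4
3348 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11 ThreadInformation=0x0 ThreadInformationLength=0x0
4120 NtSetInformationThread ThreadHandle=0x2a8 ThreadInformationClass=0x2 ThreadInformation=0x12ff40 ThreadInformationLength=0x4
4120 CreateToolhelp32Snapshot dwFlags=0x8 th32ProcessID=0x1018
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")

HIDE_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"
ENUM_SIG = "Suspicious behavior: EnumeratesProcesses"


def parse_trace(text):
    """Turn the constructed trace into events {pid, api, args}; hex arguments become ints."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for token in m["args"].split():
            key, _, value = token.partition("=")
            args[key] = int(value, 16) if value.startswith("0x") else value
        events.append({"pid": int(m["pid"]), "api": m["api"], "args": args})
    return events


def match_signatures(events):
    """Return {pid: {signature: ioc_count}} in the report's style, one IoC per matching call."""
    hits = defaultdict(lambda: defaultdict(int))
    took_process_snapshot = set()
    for ev in events:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        # Anti-debug: ThreadHideFromDebugger stops the debugger receiving events for the thread.
        if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            hits[pid][HIDE_SIG] += 1
        # Process enumeration: a process-list snapshot, then walking it with Process32First.
        if api == "CreateToolhelp32Snapshot" and args.get("dwFlags", 0) & TH32CS_SNAPPROCESS:
            took_process_snapshot.add(pid)
            hits[pid][ENUM_SIG] += 1
        elif api in ("Process32First", "Process32FirstW") and pid in took_process_snapshot:
            hits[pid][ENUM_SIG] += 1
    return {pid: dict(sigs) for pid, sigs in hits.items()}


if __name__ == "__main__":
    for pid, sigs in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        for name, count in sigs.items():
            print(f"PID:{pid}  {name}  {count} IoCs")
```

The thread-priority call from PID 4120 goes through the same syscall but with a different information class, and its module snapshot lacks the TH32CS_SNAPPROCESS bit, so neither signature fires for it; that distinction is what keeps the HideFromDebugger signature from matching every NtSetInformationThread caller.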

Processes

  • C:\Users\Admin\AppData\Local\Temp\859e1182c2ff316f92ec990c18fff2a0.unk.exe
    "C:\Users\Admin\AppData\Local\Temp\859e1182c2ff316f92ec990c18fff2a0.unk.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3348

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3348-132-0x0000000000F90000-0x0000000001A67000-memory.dmp
    Filesize

    10.8MB

  • memory/3348-133-0x0000000000F90000-0x0000000001A67000-memory.dmp
    Filesize

    10.8MB

  • memory/3348-135-0x0000000000F90000-0x0000000001A67000-memory.dmp
    Filesize

    10.8MB

  • memory/3348-136-0x0000000000F90000-0x0000000001A67000-memory.dmp
    Filesize

    10.8MB

  • memory/3348-137-0x0000000000F90000-0x0000000001A67000-memory.dmp
    Filesize

    10.8MB
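A quick consistency check on the dump listing above, added here as an example and not part of the sandbox report: it parses the dump file names into PID, sequence number and address range, derives the region size from the addresses, and compares it with the reported "Filesize". The name layout (memory/<pid>-<seq>-<start>-<end>-memory.dmp) is inferred from the five entries listed and is an assumption of this example, as is reading "MB" as MiB (1024 × 1024 bytes).

```python
import re

# Added example, not part of the sandbox report. Checks that each memory dump's
# name, address range and reported size agree. The name layout and the MiB
# reading of "MB" are assumptions inferred from the listing on this page.

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Entries copied from the report's Downloads section.
REPORTED = [
    ("memory/3348-132-0x0000000000F90000-0x0000000001A67000-memory.dmp", "10.8MB"),
    ("memory/3348-133-0x0000000000F90000-0x0000000001A67000-memory.dmp", "10.8MB"),
    ("memory/3348-135-0x0000000000F90000-0x0000000001A67000-memory.dmp", "10.8MB"),
    ("memory/3348-136-0x0000000000F90000-0x0000000001A67000-memory.dmp", "10.8MB"),
    ("memory/3348-137-0x0000000000F90000-0x0000000001A67000-memory.dmp", "10.8MB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, seq, start, end and the region size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


def parse_size(text):
    """Convert a human-readable size such as '10.8MB' to bytes, treating units as binary (MiB)."""
    m = re.fullmatch(r"([0-9.]+)\s*(KB|MB|GB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    units = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
    return float(m[1]) * units[m[2]]


def check_listing(entries, tolerance=0.01):
    """Parse each (name, size) pair and flag whether the address range matches the reported size."""
    results = []
    for name, size_text in entries:
        info = parse_dump_name(name)
        reported = parse_size(size_text)
        # The reported value is rounded to one decimal, so allow a small relative error.
        info["consistent"] = abs(info["size"] - reported) / reported <= tolerance
        results.append(info)
    return results


def same_region(results):
    """True when every dump covers exactly the same address range."""
    return len({(r["start"], r["end"]) for r in results}) == 1


if __name__ == "__main__":
    checked = check_listing(REPORTED)
    for r in checked:
        print(f"pid={r['pid']} seq={r['seq']} range=0x{r['start']:X}-0x{r['end']:X} "
              f"size=0x{r['size']:X} ({r['size'] / 1024 ** 2:.2f} MiB) consistent={r['consistent']}")
    print("all dumps cover one region:", same_region(checked))
```

The range 0xF90000-0x1A67000 is 0xAD7000 bytes, 10.84 MiB, which only matches "10.8MB" under the binary reading; with decimal megabytes the mismatch is over 5%. All five dumps are captures of that one region at successive points in the run (sequence numbers 132 to 137), which is why they report the same size.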