Overview

overview

10

Static

static

10

Raccoon St...er.exe

windows7-x64

10

Raccoon St...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-01-2023 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Raccoon Stealer Builder.exe

  • Size

    239KB

  • MD5

    0de94fc3e5f5e0e34d26abef5d3d6d2b

  • SHA1

    23c26448be63a797e4b0166d6919ae9402aba6cc

  • SHA256

    5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699

  • SHA512

    bf6b2cfae5819c84e75bfb30193038d21fae0fdef82f91251bef904940bf8a866ad0ddd97980548400b83c08b0d4622b1f7a3f852b087d13a4f925ffe339950b

  • SSDEEP

    3072:7+bZPfpKU+oF9a3voehFxtyI75ytEa+LFFCxge1nw1TV/oOWk:abpfpKU+u9obr70+ZmgoOWk

Score
10/10
stormkittystealer

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Raccoon Stealer Builder.exe
    "C:\Users\Admin\AppData\Local\Temp\Raccoon Stealer Builder.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1104
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1104 -s 1456
      2⤵
      • Program crash
      PID:5112
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 428 -p 1104 -ip 1104
    1⤵
      PID:4552

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1104-132-0x0000000000480000-0x00000000004C0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/1104-133-0x00007FFE53930000-0x00007FFE543F1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/1104-134-0x00007FFE53930000-0x00007FFE543F1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/1104-135-0x00007FFE53930000-0x00007FFE543F1000-memory.dmp
      Filesize

      10.8MB

      Download