Overview

overview

10

Static

static

Notepp_v8.4.1.exe

windows7-x64

1

Notepp_v8.4.1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    103s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-02-2023 20:56

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Notepp_v8.4.1.exe

  • Size

    726MB

  • MD5

    b965849f9cb7a5682f7360e2e11e18a7

  • SHA1

    701c9f5c440ba3d66ed2cb811fdf0d70bbb3c752

  • SHA256

    4550a980c9d26b4d8bca56554cf8306035a2f11f008eafe441443eb917f38234

  • SHA512

    fa0c506896aa63aef8b2d0092d5ee8bdbaf28f2fa8f01231bcbe98d11b75216583932dcd0761489e499fefe79d4acbe347197f63fb8bc96c922986f5620fb3f3

  • SSDEEP

    98304:1ebHh5VT5R7wi9co9645B6zQji648PJQ/2uypUJM2SBBbQc0s01aNG6mXh23ViV/:UbHh5h5Fb9cOX6GPJe5yCOnXNhmx2S/

Score
10/10
raccoon6471658e2f49c08476aafe55fb7366b0stealer

Malware Config

Extracted

Family

raccoon

Botnet

6471658e2f49c08476aafe55fb7366b0

C2

http://91.234.254.143/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Notepp_v8.4.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Notepp_v8.4.1.exe"
    Suspicious use of NtSetInformationThreadHideFromDebugger
    Suspicious behavior: EnumeratesProcesses
    PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

00:00 00:00

Downloads

  • memory/1664-132-0x0000000000400000-0x0000000000E78000-memory.dmp
    Filesize

    10MB

    Download
  • memory/1664-134-0x0000000000400000-0x0000000000E78000-memory.dmp
    Filesize

    10MB

    Download
  • memory/1664-135-0x0000000000400000-0x0000000000E78000-memory.dmp
    Filesize

    10MB

    Download
  • memory/1664-136-0x0000000000400000-0x0000000000E78000-memory.dmp
    Filesize

    10MB

    Download