raccoon | 0ab1e0e461397dbcef2da057f0be7e77faa25a98404787048df615efcac2eadf | Triage

Analysis

max time kernel
107s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2023 03:50

Sharing

Report Analysis Logs

General

Target

Setup.exe
Size

726.6MB
MD5

ebd5cd599205900317217a63e56682f4
SHA1

deb77205e3a6946f4ebcadc9a38722db1d714fdb
SHA256

5dfabc04464a9083204c71e58dc742bcdc8eeac11db3aad1352ef244fdd9985b
SHA512

7953dab7ec2731f8daf4f3d71fcabbc334f1a179c053df28c4b4365a0eb4ffcb01db95f9c8d378b86dd515644af58ba72a52f1e6910f12e25eeba71c98600a4e
SSDEEP

196608:POLaJJiSb4tlUVHQf6bSU5EuklXBAuFitiB:POOJMXUVHQg7kjB

Score

10^/10

raccoon 4e27b39e9aaa6403f36702b4d66f5024 stealer

Malware Config

Extracted

Family

raccoon

Botnet

4e27b39e9aaa6403f36702b4d66f5024

C2

http://94.142.138.10/

http://94.142.138.9/

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

Setup.exe

pid process

1964 Setup.exe
1964 Setup.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Setup.exe

pid process

1964 Setup.exe
1964 Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-132-0x0000000000400000-0x0000000000E83000-memory.dmp

Filesize
10.5MB

Download
memory/1964-134-0x0000000000400000-0x0000000000E83000-memory.dmp

Filesize
10.5MB

Download
memory/1964-135-0x0000000000400000-0x0000000000E83000-memory.dmp

Filesize
10.5MB

Download
memory/1964-136-0x0000000000400000-0x0000000000E83000-memory.dmp

Filesize
10.5MB

Download