Analysis

  • max time kernel
    86s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-02-2023 12:46

General

  • Target

    Setup.exe

  • Size

    726MB

  • MD5

    e947e10d9a4b2aaccddc84e2393f9404

  • SHA1

    d3efd66c182ddd02c11fc753aa6d8a8842ab1b4e

  • SHA256

    76b810acad15caa149bf44aaf25d8acaec813fca01ee0dc01e815368de2b5664

  • SHA512

    e115cbf67e65dc1a8febb62f633fb04b88a2a02ea472c4431f0f7d62385eed3daf989419021c201f6903b23fb311e57d16d22f4e295130f36eb67701b4428790

  • SSDEEP

    98304:7dEPYMOo5jW4WF7KhlKBLaNi54hqjzB0gbY+ApQJMQZCWpn4XAWwLYOgLe89i:KPYMVna7GK6i54hqjqmA6dn4XA9YO8dc

Malware Config

Extracted

Family

raccoon

Botnet

0eceb3d1f21f3ea1b454c7f4a9867731

C2

http://146.70.86.11/

http://69.46.15.158/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    Suspicious use of NtSetInformationThreadHideFromDebugger
    Suspicious behavior: EnumeratesProcesses
    PID:2124

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2124-132-0x0000000000400000-0x0000000000EB6000-memory.dmp
    Filesize

    10MB

  • memory/2124-134-0x0000000000400000-0x0000000000EB6000-memory.dmp
    Filesize

    10MB

  • memory/2124-135-0x0000000000400000-0x0000000000EB6000-memory.dmp
    Filesize

    10MB