Overview

overview

10

Static

static

7

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-02-2023 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    465.0MB

  • MD5

    5c9eaedea9f8d3471e2b941fe3c1f790

  • SHA1

    72e36c78cd8fd0ad6b98923943c76ff4db5926ce

  • SHA256

    a7f33cf659584cb8d25e12291a510e206059a4a66aaafc884eea413e5ea7ed67

  • SHA512

    a4c77155f7fc55e72da5005eb364680b892970f484e9228fb7f14064ddd9727ede778615b1c222ded20419699a47d1a83f39896ff829b227ec6784a80a9313d8

  • SSDEEP

    49152:yUj5BJeqOnjDmNlqKxOnjDmNlqO/UzbPZHOnjDmNlq/z92:L2UMvSk

Score
10/10
raccoon6039f7141434542f8fcbabcd7d82455dstealer

Malware Config

Extracted

Family

raccoon

Botnet

6039f7141434542f8fcbabcd7d82455d

C2

http://83.217.11.27/

http://83.217.11.28/
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "{path}"
      2⤵
        PID:1608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1608-63-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1608-61-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1608-65-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1608-60-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1608-67-0x00000000004088ED-mapping.dmp
      Download
    • memory/1608-66-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/1956-54-0x0000000075F81000-0x0000000075F83000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1956-55-0x0000000000050000-0x000000000022C000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/1956-56-0x00000000009A0000-0x00000000009AE000-memory.dmp
      Filesize

      56KB

      Download
    • memory/1956-57-0x00000000060D0000-0x0000000006144000-memory.dmp
      Filesize

      464KB

      Download
    • memory/1956-58-0x0000000006140000-0x00000000061B2000-memory.dmp
      Filesize

      456KB

      Download
    • memory/1956-59-0x0000000000B00000-0x0000000000B20000-memory.dmp
      Filesize

      128KB

      Download