Overview

overview

10

Static

static

7

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2023 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    465.0MB

  • MD5

    5c9eaedea9f8d3471e2b941fe3c1f790

  • SHA1

    72e36c78cd8fd0ad6b98923943c76ff4db5926ce

  • SHA256

    a7f33cf659584cb8d25e12291a510e206059a4a66aaafc884eea413e5ea7ed67

  • SHA512

    a4c77155f7fc55e72da5005eb364680b892970f484e9228fb7f14064ddd9727ede778615b1c222ded20419699a47d1a83f39896ff829b227ec6784a80a9313d8

  • SSDEEP

    49152:yUj5BJeqOnjDmNlqKxOnjDmNlqO/UzbPZHOnjDmNlq/z92:L2UMvSk

Score
10/10
raccoon6039f7141434542f8fcbabcd7d82455dstealer

Malware Config

Extracted

Family

raccoon

Botnet

6039f7141434542f8fcbabcd7d82455d

C2

http://83.217.11.27/

http://83.217.11.28/
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "{path}"
      2⤵
        PID:3556
      • C:\Users\Admin\AppData\Local\Temp\Setup.exe
        "{path}"
        2⤵
          PID:2716

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1848-132-0x00000000005A0000-0x000000000077C000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/1848-133-0x0000000004F90000-0x000000000502C000-memory.dmp
        Filesize

        624KB

        Download
      • memory/1848-134-0x00000000055E0000-0x0000000005B84000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/1848-135-0x00000000050D0000-0x0000000005162000-memory.dmp
        Filesize

        584KB

        Download
      • memory/1848-136-0x00000000050A0000-0x00000000050AA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1848-137-0x00000000052C0000-0x0000000005316000-memory.dmp
        Filesize

        344KB

        Download
      • memory/2716-139-0x0000000000000000-mapping.dmp
        Download
      • memory/2716-140-0x0000000000400000-0x000000000041E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/2716-142-0x0000000000400000-0x000000000041E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/2716-143-0x0000000000400000-0x000000000041E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/3556-138-0x0000000000000000-mapping.dmp
        Download