Analysis
-
max time kernel
102s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
21-02-2023 07:48
General
-
Target
Software/SetUp_PC.exe
-
Size
726.6MB
-
MD5
ee7dbb1cdcaf1920500fa76b44afea3d
-
SHA1
17cb6aa15175d2cb8106455b181ee1ff75d4d34d
-
SHA256
7ecc8b4f8ec5662bd97aa3e1eb162e6684d8c2196b3414bece5b059c01d38ff0
-
SHA512
fe5abaa5e1a5f0932134e26871f3e5ff7248e4c132450e169987d2f0310a25b3a9770c620671704aa12533e827f499b93b78789edbb796391cc9c60497adadbe
-
SSDEEP
196608:09qedEvqljzejFrEcrWu2PAe72WHeu+cHVkAhyfKAe0p5:+Iq1KzWu2P/2WHeuNWAhyCAt5
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
769697934194cbf139d35b78f11aeea0
C2
http://5.75.242.235/
http://142.132.191.50/
http://79.137.206.31/
http://79.137.248.136/
rc4.plain
Signatures
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Software\SetUp_PC.exe"C:\Users\Admin\AppData\Local\Temp\Software\SetUp_PC.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2800-133-0x0000000000FD0000-0x0000000000FD1000-memory.dmpFilesize
4KB
-
memory/2800-134-0x0000000002B80000-0x0000000002B81000-memory.dmpFilesize
4KB
-
memory/2800-135-0x0000000002B90000-0x0000000002B91000-memory.dmpFilesize
4KB
-
memory/2800-136-0x0000000002BC0000-0x0000000002BC1000-memory.dmpFilesize
4KB
-
memory/2800-137-0x0000000002BD0000-0x0000000002BD1000-memory.dmpFilesize
4KB
-
memory/2800-138-0x0000000002BE0000-0x0000000002BE1000-memory.dmpFilesize
4KB
-
memory/2800-139-0x0000000002BF0000-0x0000000002BF1000-memory.dmpFilesize
4KB
-
memory/2800-140-0x0000000002C00000-0x0000000002C01000-memory.dmpFilesize
4KB
-
memory/2800-141-0x0000000000400000-0x0000000000E68000-memory.dmpFilesize
10.4MB