Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

Resubmissions

21-02-2023 10:46

230221-mt4pfsee56 10

20-02-2023 14:06

230220-repdfaaf5x 5

06-02-2023 02:06

230206-cjwkzsbf93 5

Analysis

  • max time kernel
    52s
  • max time network
    71s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2023 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    6.7MB

  • MD5

    4a74b4d5383b42b15245aec5b9de0e59

  • SHA1

    3c03ec01a330d405bf26e751b6590517e551c8e1

  • SHA256

    47900e34c718e9d4469f855c5ab52265496d614ef307f16cd30be58b04b3fe04

  • SHA512

    b205a8790a2f53e74ecc7f7f29f793f8a3f92d15b52aac89b2c9c05b0663f5cdfbff62685bdd921bf31ec01cf37ce66a3c2fe077ef1564e721ce1446523f69ee

  • SSDEEP

    196608:mYTJPdCItuklI4LkpmwxWNNYocrM6D37D/hoHTb+P:dTJPw7klMsbYozuHhkP+

Score
10/10
raccoon4ee2cb7da0a3931a9114d3f32bae4b8dstealer

Malware Config

Extracted

Family

raccoon

Botnet

4ee2cb7da0a3931a9114d3f32bae4b8d

C2

http://146.70.161.70/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/368-133-0x0000000000EC0000-0x0000000000EC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-134-0x0000000000ED0000-0x0000000000ED1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-135-0x0000000000EE0000-0x0000000000EE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-136-0x0000000000F00000-0x0000000000F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-137-0x0000000000F30000-0x0000000000F31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-138-0x0000000000F40000-0x0000000000F41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-139-0x0000000000F50000-0x0000000000F51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-140-0x0000000000F70000-0x0000000000F71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/368-141-0x0000000000400000-0x0000000000EBE000-memory.dmp
    Filesize

    10.7MB

    Download