Overview

overview

10

Static

static

1

Language/WinRar.exe

windows7-x64

10

Language/WinRar.exe

windows10-2004-x64

10

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

en-US/Auto...eN.dll

windows7-x64

1

en-US/Auto...eN.dll

windows10-2004-x64

1

en-US/avicap32.dll

windows7-x64

1

en-US/avicap32.dll

windows10-2004-x64

1

vcomp140.dll

windows7-x64

1

vcomp140.dll

windows10-2004-x64

3

vcruntime140.dll

windows7-x64

3

vcruntime140.dll

windows10-2004-x64

3

win-api.xml

windows7-x64

1

win-api.xml

windows10-2004-x64

1

Resubmissions

21-02-2023 11:28

230221-nla8lsge2x 10

15-02-2023 12:25

230215-pl5mwsbf93 10

Analysis

  • max time kernel
    98s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • submitted
    21-02-2023 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

Score
10/10
raccoon697fc5d9af6aa2a29510779d2fc54b97stealer

Malware Config

Extracted

Family

raccoon

Botnet

697fc5d9af6aa2a29510779d2fc54b97

C2

http://83.217.11.27/

http://83.217.11.28/
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4252-133-0x0000000000F20000-0x0000000000F21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-134-0x0000000000F30000-0x0000000000F31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-135-0x0000000000F40000-0x0000000000F41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-136-0x0000000000F70000-0x0000000000F71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-137-0x0000000000F80000-0x0000000000F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-138-0x0000000001090000-0x0000000001091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-139-0x00000000010A0000-0x00000000010A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-140-0x00000000010B0000-0x00000000010B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4252-141-0x0000000000400000-0x0000000000F1F000-memory.dmp
    Filesize

    11.1MB

    Download