Analysis

  • max time kernel
    150s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-03-2023 13:50

General

  • Target

    crSetup.exe

  • Size

    1015.0MB

  • MD5

    e369f4f19d3adcab34e0af333f113af9

  • SHA1

    5a2575fc14031f0f823ca4c09e6d653ae367e400

  • SHA256

    eaf8e329aa7f9a7b624938323b17dd1c13a20f35c491538929d043281e338179

  • SHA512

    baea6a13ba1f747ff75fb25fa2181222152e296da43f886be32e311235d2674f5f952ffe39bfcc286a5be40fa267ba24624702f37e446320d33e26eb49f3b4f3

  • SSDEEP

    196608:FxZoPbD6en7KWZ0Zq9BF7pIRuHNCwfvadJbZ8TuPx/1/MURFg2frJBJH/48rrBny:nwbOe+cgqLqgHTXavF8g/MM3zJHAQn/K

Malware Config

Extracted

Family

raccoon

Botnet

01ce0bf18c5eb0152a13b2ee5d4d8adc

C2

http://37.220.87.69

http://83.217.11.6

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\crSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\crSetup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1688

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1688-133-0x0000000001CD0000-0x0000000001CD1000-memory.dmp
    Filesize

    4KB

  • memory/1688-134-0x0000000001CE0000-0x0000000001CE1000-memory.dmp
    Filesize

    4KB

  • memory/1688-135-0x0000000000400000-0x0000000001CB5000-memory.dmp
    Filesize

    24.7MB