Overview

overview

10

Static

static

1

AllUpdateS...on.rar

windows7-x64

3

AllUpdateS...on.rar

windows10-2004-x64

3

Final_Setu...ey.rar

windows7-x64

3

Final_Setu...ey.rar

windows10-2004-x64

3

FullSetup.exe

windows7-x64

10

FullSetup.exe

windows10-2004-x64

10

Main-PaSsWord.txt

windows7-x64

1

Main-PaSsWord.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    17s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2023 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FullSetup.exe

  • Size

    1023.0MB

  • MD5

    0d841e12892835ac7f4e6b862bcff9eb

  • SHA1

    a9bf5e35571839a6b46ef0b7cc501f570910c67b

  • SHA256

    11647cffa0619b1f643b6dd91fd6448c171eea5f7d101f54e5f27c4b19be80dc

  • SHA512

    436e4f0bea2f0b24dcf62cc30ed7ceb38ca00966e24136d46c5a2de29438cf54127cb4625ce4b7b9257012ad211b57967ed44c4441db364062a5c409333e59b8

  • SSDEEP

    196608:NIwGXgGtIGbzp9yYXOcpg73bQZ+cXFH+5Y/W57Cd4LpaGGU8m3sV//5XgfFIMcIV:yXXXDpFORruH+EWkdCwU8sIJYn

Score
10/10
raccoon13718a923845c0cdab8ce45c585b8d63stealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://45.15.156.143/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FullSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\FullSetup.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1196-55-0x0000000000350000-0x0000000000351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1196-54-0x0000000000350000-0x0000000000351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1196-56-0x0000000000350000-0x0000000000351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1196-57-0x0000000000400000-0x0000000001A70000-memory.dmp
    Filesize

    22.4MB

    Download