Overview

overview

10

Static

static

1

CompleteSe...on.rar

windows10-2004-x64

10

Full_PassWord.txt

windows10-2004-x64

1

Newest_Set...ey.rar

windows10-2004-x64

3

LicenseKey.txt

windows10-2004-x64

1

SetupFile.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1613s
  • max time network
    1592s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    02/04/2023, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SetupFile.exe

  • Size

    1023.0MB

  • MD5

    3cd7c34bdce2201ec403163fa34bc67e

  • SHA1

    87f1dd22c67315d6a823b244d6fe72758273c45a

  • SHA256

    6d67096d24aef535924b065b49bc2f8b8dbe717d7e4ecae4e5daa45dcc2e193d

  • SHA512

    c6c78986eb86ad2793215b187829d8b760047344ac6dfc9d5e38cc84035f7c20cd3c92435cce4b81157f0e4d942fdd97bbe9417a5241312399502f0ab585ef8d

  • SSDEEP

    196608:NYzLzScvgh3AADZ7sMHEXBhb8Jrznl32LUTxqLrkSdNMjGYQcH7WTyCWxxPajesG:mjScvgh3A4dLHEx0rILKxC3+bGy96eyg

Score
10/10
raccoon23883deb102ef0839fbfe8fcef1a5fc7stealer

Malware Config

Extracted

Family

raccoon

Botnet

23883deb102ef0839fbfe8fcef1a5fc7

C2

http://37.220.87.68

http://83.217.11.10
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SetupFile.exe
    "C:\Users\Admin\AppData\Local\Temp\SetupFile.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4988-133-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4988-134-0x0000000001E60000-0x0000000001E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4988-135-0x0000000000400000-0x0000000001CB1000-memory.dmp

    Filesize

    24.7MB

    Download