Overview

overview

10

Static

static

1

Set-up.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-04-2023 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Set-up.exe

  • Size

    178.1MB

  • MD5

    f56cd0f1caa4eca1a8f1affdbf04ab57

  • SHA1

    4bffc8b3f521d72bac73908b394175167dd55fff

  • SHA256

    fdf25a5d61bbb912277b1a9321b568b4e44cd061bcb54c91f906ef5de3279089

  • SHA512

    51cd2d500b30212347cd31df4e268f87fc24de92b93e2e12e2a46fdb0d340a6cde4a20ea5b6067c7420512908007ccb26892a89f1bd1a7f27511c27f07dc57f4

  • SSDEEP

    196608:hf1E7bL4wssAcHkklyu74Yb+RcPwYh937sMj98YQYL6dVHkXS1I1F+r5ywYWVBd4:h9Ez4wvZDv+2Zh9Nj953II1FG5yVAhS1

Score
10/10
raccoonf1c3f7a3e12da19758239f0284e7dc2cstealer

Malware Config

Extracted

Family

raccoon

Botnet

f1c3f7a3e12da19758239f0284e7dc2c

C2

http://37.220.87.66/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Set-up.exe
    "C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3724-133-0x0000000001BC0000-0x0000000001BC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3724-134-0x0000000001BD0000-0x0000000001BD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3724-135-0x0000000000400000-0x0000000001B76000-memory.dmp
    Filesize

    23.5MB

    Download