Overview

overview

10

Static

static

1

iSetup.exe

windows7-x64

10

iSetup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    64s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2023 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    iSetup.exe

  • Size

    963.4MB

  • MD5

    d9837847dc9af1c9016ef4a0e7b6c6bc

  • SHA1

    e5f375af44e44274f93b63cc3ce34f6f8c8034dd

  • SHA256

    7952fc791342a8d11f206c83aa85421fd44fba1e6e5b49dc8a6cec41ac99a475

  • SHA512

    3b0bc12db0c1920107444623a9782786232cbcc3f9e821f814f2b99e097d7763703d8a11b5f255f91cc3a88049cb3f563ba122367035289299dd90868e74c509

  • SSDEEP

    393216:QO+o7rCtFOVIu4rLJF7sLL+/A45K2ykhP:mofLCuAkLL+/A6K4B

Score
10/10
raccoon59b84a5420a33b4e78d2e5edb4d9154bstealer

Malware Config

Extracted

Family

raccoon

Botnet

59b84a5420a33b4e78d2e5edb4d9154b

C2

http://37.220.87.69

http://83.217.11.14
xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\iSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\iSetup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/816-54-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-55-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-56-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-57-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-58-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-59-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/816-60-0x0000000000400000-0x0000000001DF1000-memory.dmp

    Filesize

    25.9MB

    Download