Analysis

  • max time kernel
    20s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-04-2023 14:31

General

  • Target

    1Satup.exe

  • Size

    1023.0MB

  • MD5

    9851b7022e55a466860711e8e5adacd3

  • SHA1

    0f28fc2c7d139b33080c8b31c3b3779ae4ea53d8

  • SHA256

    199655bf597bcbf6d673318378fccc97901cc3227bccdb0a39c2737eb9cb9c53

  • SHA512

    42e4e92e7f50130c05eb71056e158ae3a7f93d03f7ed0ab4fc1b3832273643bc12794be80cb459cef86b732ad50c04411a0ab2683168463da31c929bb4aabfdc

  • SSDEEP

    393216:j6tZmdypN4G/tdXs9lQb+F39qnbcE7xeaYP9pjfQXzTV9r9D4L:kmMsOVMQg9UbcE7xeaqTfQDZRY

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://94.142.138.175/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1Satup.exe
    "C:\Users\Admin\AppData\Local\Temp\1Satup.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1728

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1728-54-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

  • memory/1728-55-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

  • memory/1728-56-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

  • memory/1728-57-0x0000000000400000-0x0000000001A89000-memory.dmp
    Filesize

    22.5MB