Overview

overview

10

Static

static

3

73f8b78061...in.exe

windows7-x64

10

73f8b78061...in.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    184s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2023 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73f8b780611ace51cb61c01975afe06c.bin.exe

  • Size

    15.6MB

  • MD5

    73f8b780611ace51cb61c01975afe06c

  • SHA1

    5a6b70733e53f30e6f30b1ff59c19489f1248b51

  • SHA256

    069494fedfdfd26cd90ee6614b3ce09884eb53c0bd8566f9e70d55243c44b5a6

  • SHA512

    fb731560a41f87420e632cc8992ff8f764904011c367d7c7290dc88ac76730de894bbd371bc9f27186b9577fe03f19463842a73b993d1b5f3a3bde631839f92b

  • SSDEEP

    196608:A0RgGF79cVhrirDBFsYPVM6TWn7/m80aslB4ZJdDhpp0Bz6P2fAz1TPTYEtm96m5:XycYIDBKl7O80zlgJpJ0BI2fU3X0D5

Score
10/10
raccoon717609e6131226f92ce8ce08c34305bestealer

Malware Config

Extracted

Family

raccoon

Botnet

717609e6131226f92ce8ce08c34305be

C2

http://37.220.87.66/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73f8b780611ace51cb61c01975afe06c.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\73f8b780611ace51cb61c01975afe06c.bin.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3572-134-0x0000000001F60000-0x0000000001F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3572-135-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3572-136-0x0000000000400000-0x0000000001E02000-memory.dmp
    Filesize

    26.0MB

    Download