Overview

overview

10

Static

static

3

Best softw...up.exe

windows7-x64

10

Best softw...up.exe

windows10-1703-x64

10

Best softw...up.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    182s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-05-2023 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Best software 2023/Sеtup.exe

  • Size

    814.3MB

  • MD5

    27e933506a073ad139ecf1361eee0eeb

  • SHA1

    a1fb969f599ce0747ed501078c8a339f991ca7dd

  • SHA256

    ceb9fb1274c5b38ebc62cb3eeadff9e5f4ca7d5454ee0e5689ec74e88d3d25f3

  • SHA512

    0abb36af3f6ca0d21a2c67770a46c4e294d70fe93df92ef8a6f798b105d0b7814bd488208d0c5fe938e057fac7d3804360a51184ad5149d227c8a969c6f4f041

  • SSDEEP

    393216:1qg3v73ckdpCNy7+JAIrJ1ZPMdSdPjV7uVQ+JjSw351ouudAnrgo:1qg3v73ckdpCu+JAeJjMdYqFvRuCH

Score
10/10
raccoonb9b4a5e42f50e8047f7ce664bfc89e14stealer

Malware Config

Extracted

Family

raccoon

Botnet

b9b4a5e42f50e8047f7ce664bfc89e14

C2

http://37.220.87.66/

http://45.9.74.99
xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Best software 2023\Sеtup.exe
    "C:\Users\Admin\AppData\Local\Temp\Best software 2023\Sеtup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4300-120-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4300-121-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4300-122-0x0000000000400000-0x0000000001E03000-memory.dmp

    Filesize

    26.0MB

    Download