Overview

overview

10

Static

static

1

6c8a2cea4d...c1.exe

windows7-x64

10

6c8a2cea4d...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2023 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1.exe

  • Size

    3.4MB

  • MD5

    a8c1f96c58503a9c766c7ed239263260

  • SHA1

    37069d83d46b51baceb396c1947891e3974e7594

  • SHA256

    6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1

  • SHA512

    c52b7dd8b56f955f8d88380d718045a02cbd7832caff6941e611465ef54cc8dad680055d9d2abdf27e5d354ebd079547e53ceb8f56e74678b999e0185969cb35

  • SSDEEP

    49152:i+vDJjWt5tw0YCFs7JojDRmrlOt9lSyA8a0c1bEP0EDrmLKW2l6a77Z:i+vDJjWt5tRYTUe0fJKJbpKWi1

Score
10/10
raccoonf80018d0f7c5463eabb5c698eb201532stealer

Malware Config

Extracted

Family

raccoon

Botnet

f80018d0f7c5463eabb5c698eb201532

C2

http://5.42.65.18:80/

http://5.42.64.13:80/

http://5.42.65.17:80/

http://5.42.65.12:80/
xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1.exe
    "C:\Users\Admin\AppData\Local\Temp\6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4112
    • C:\Users\Admin\AppData\Local\Temp\daa\wvpwffjntf
      "C:\Users\Admin\AppData\Local\Temp\daa\wvpwffjntf"
      2⤵
      • Executes dropped EXE
      PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\daa\wvpwffjntf
    Filesize

    1.4MB

    MD5

    aeb47b393079d8c92169f1ef88dd5696

    SHA1

    633602bae798867894494717268ca818f923ca18

    SHA256

    d83494cfb155056118365455f5396401e97bd50a156242f2b5025a44c67095b1

    SHA512

    7ed48d1bf7e514a736a34842a5a3ed18ade06a304b45c0520bd15c53cb95a8bf997c073030a88c1133c7df6e5ad08f44fe1a89ee90c79499e6fd54ce3fcd1ba0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\daa\wvpwffjntf
    Filesize

    1.4MB

    MD5

    aeb47b393079d8c92169f1ef88dd5696

    SHA1

    633602bae798867894494717268ca818f923ca18

    SHA256

    d83494cfb155056118365455f5396401e97bd50a156242f2b5025a44c67095b1

    SHA512

    7ed48d1bf7e514a736a34842a5a3ed18ade06a304b45c0520bd15c53cb95a8bf997c073030a88c1133c7df6e5ad08f44fe1a89ee90c79499e6fd54ce3fcd1ba0

    Download Submit

  • memory/1360-135-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1360-139-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1360-140-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1360-141-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download