Overview

overview

10

Static

static

3

Set-up.exe

windows7-x64

10

Set-up.exe

windows10-2004-x64

10

Resubmissions

16-06-2023 12:03

230616-n8jhhaef3v 10

16-06-2023 11:37

230616-nrne5aeg67 10

15-06-2023 17:20

230615-vwxypaae5x 10

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2023 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Set-up.exe

  • Size

    198.2MB

  • MD5

    d4802f87e9520dd656714ba3c65add4b

  • SHA1

    0c9431436cc632293f856f11547dfdaeedd8e054

  • SHA256

    6c019eff0a348b52fe76a0a97e564c547cfed86ec01e197a458696563061054d

  • SHA512

    06da0c4017e71d9a1da55cd65423203b53f7e5da3930e34241b64d24be3e3866c39ed48dd10156654a9a45f70f83b12f02972945cf9501e9be30674bef158cfe

  • SSDEEP

    196608:hf1E7bL4wssAcHkklyu74Yb+RcPwYh937sMj98YQYL6dVHkXS1I1F+r5ywYWVBd4:h9Ez4wvZDv+2Zh9Nj953II1FG5yVAhS1

Score
10/10
raccoonf1c3f7a3e12da19758239f0284e7dc2cstealer

Malware Config

Extracted

Family

raccoon

Botnet

f1c3f7a3e12da19758239f0284e7dc2c

C2

http://37.220.87.66/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Set-up.exe
    "C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2020-54-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-55-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-56-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-57-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-58-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-59-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-60-0x0000000000400000-0x0000000001B76000-memory.dmp

    Filesize

    23.5MB

    Download