Analysis

  • max time kernel
    55s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-06-2023 12:11

General

  • Target

    114319af1b37e7a22a3fd57d722e7f7a.bin.exe

  • Size

    508KB

  • MD5

    114319af1b37e7a22a3fd57d722e7f7a

  • SHA1

    c39e805df8a43f140ae3af3ae72d6b62c9106bc9

  • SHA256

    a040c35ef32cbe289d5bc2b8014adcb961ab3aed1e2873d1f2e335933e97927b

  • SHA512

    b655367e07eb81ba21b215ca6140a038c0850a05be97d7a1e0381865a099e4250ca4045bfaf9852bfb2854ffa96107383568c38b901e1e63f3f14f439f1e7f37

  • SSDEEP

    12288:ntH5NLaAdDhAAEIFcWX+t4o763GgB5KEA8GsEiybiL:ntH5sAdXEIFcUo763XxbEiyM

Score
10/10

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer payload 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\114319af1b37e7a22a3fd57d722e7f7a.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\114319af1b37e7a22a3fd57d722e7f7a.bin.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\start.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:464
      • C:\2.1.1.1.exe
        2.1.1.1.exe -pAlex.199455alex.199455 -dC:\
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.1.1.1.exe
          "C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.1.1.1.exe"
          4⤵
          • Executes dropped EXE
          PID:912

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\2.1.1.1.exe

    Filesize

    338KB

    MD5

    9f7c947242b7ce3f185b04713d86d127

    SHA1

    ab270f914dec3eece3131dfbd5d22cad87f42ab9

    SHA256

    cd61404e2f0c45db3598d29e0d194b57905cb6dd9c55e5775fc10b1a46bfe993

    SHA512

    573ffbdbedbe18a24fad9a78d4704226b46928eca8edb945a9824293a66631752fcc449717ed46d6152d923537178bb74731f163f433d7152b721b9151f45a22

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\2.1.1.1.exe

    Filesize

    50KB

    MD5

    3357867b4c095d1cf04d3d648eed5b4c

    SHA1

    4463030c518306e8eb1f811e3fefde96fbf57fe2

    SHA256

    75ac5377b0ba78771b4f352edb5ea243b2fb478f3cbe9e94ea559150125af13d

    SHA512

    3592c20a31541385238faebee0d7618ebd2a1cf58eb625585c2033586be0d2db5b671117a00989d633c44acdcc52c0a78a27fdd8e9a50da27792dbc88cc70f67

  • C:\start.bat

    Filesize

    42B

    MD5

    c18e7402bfc924e0e3ef7c92b4d6db50

    SHA1

    e185027b2988cec5a919f72f79e42c17c7201297

    SHA256

    5fd3394e00feef9fc0c970fd02c2f91057e92ad8970559704ae3224968192c9e

    SHA512

    73ecaa2b760cbd11f24fd58f8f5c3dea947cfc7e58c9ef098b304a141062456982f93104b6fa16df212c8464a20daf029503f7752cd8e77e52b2aca027f05479