Analysis
-
max time kernel
139s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
10-07-2023 12:33
General
-
Target
tmp.exe
-
Size
971KB
-
MD5
c3e9908d1e901feba57d1787d20890bb
-
SHA1
72411751972fac27bccc40df6daf287893a82a2d
-
SHA256
dcaea3df855bc03a2723979525b63da64e13958a68741ddbe92e183135fc9247
-
SHA512
28a6535d4fdf58ebc0dffbc470a3d4dbc8e3c9d8e96c8d471bf69902152d795ab5d5867b8d5a96cdb4a2eb59529b127d233d14e190cb3c4ede3e9d594d411889
-
SSDEEP
12288:qJjXuA5ao5Xc3Foj2btm0S82Iz89LUzLeGOMFWhLpUrc+nT9vwM5Lru7h2xC+:smBF2C20LDIhLpUI+vHxC+
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
3f5db940cf0d55359bd7997f1d8cbde7
C2
http://91.242.229.237:80/
xor.plain
Signatures
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer payload 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
60KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
984KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
64KB
-
Filesize
624KB