Overview

overview

10

Static

static

7

Setup_x32_x64.exe

windows7-x64

10

Setup_x32_x64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2023 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_x32_x64.exe

  • Size

    992.0MB

  • MD5

    aa87368fd85c71caebb069bbd711b5ba

  • SHA1

    2c2390bb8cff65b843a682cdb613909cc5fc3579

  • SHA256

    1f88c89c82edcde05886262f770bd3df3af0049924d7e290cdc3ab6586503e0a

  • SHA512

    4d99c8857d50729e1e99a0f477f5950deff6c11a820095ce765946100b0a0ee58a4fe483589459fba9c5683b79a8f8946879b2cf33eb79fa0a1b486bd64210ca

  • SSDEEP

    196608:gpKYW15rR/FityRl28WklfrrN+tBaa/bK0a99R:g0YsTUcP27SfctBV+089R

Score
10/10
raccoon94c54520400750937a6f1bf6044f8667stealervmprotect

Malware Config

Extracted

Family

raccoon

Botnet

94c54520400750937a6f1bf6044f8667

C2

http://185.181.10.208/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 4 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_x32_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_x32_x64.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2324-55-0x0000000000400000-0x0000000000DC1000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2324-54-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-57-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-59-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-60-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-62-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-64-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-67-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-69-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-72-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-74-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-79-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-77-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-82-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-84-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-87-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-85-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-90-0x0000000077DB0000-0x0000000077DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-91-0x0000000000400000-0x0000000000DC1000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2324-89-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-93-0x0000000000400000-0x0000000000DC1000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/2324-94-0x0000000000400000-0x0000000000DC1000-memory.dmp

    Filesize

    9.8MB

    Download