Overview

overview

10

Static

static

3

d97e8c4b84...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    429s
  • max time network
    437s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2023 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe

  • Size

    2.1MB

  • MD5

    be6381dc3f83d6134c2d23f6607be2ed

  • SHA1

    26490592f3d71c2aaff76760e9d6ce7daeaf8a8f

  • SHA256

    d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78

  • SHA512

    fe2714c85bd4a2793600840f3f0492e94914052f8ca2edaa7c0bd21dab56ae45a135bc76714ec200d2bd9b8aad8fdcc8ec1401e4685264c555be2c55e7f287e5

  • SSDEEP

    24576:7NDh/Et25n61RW2wzG9RI7Z7v4uCJIJIJv5nQmDFzyLW0/Yzq1xxqKOI:MY4uCJIJIJR4WAd1

Score
10/10
raccoon8c02f5edc9bd60a9dac0ee41df0c95a1stealer

Malware Config

Extracted

Family

raccoon

Botnet

8c02f5edc9bd60a9dac0ee41df0c95a1

C2

http://91.103.252.217:80/

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 4 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe
    "C:\Users\Admin\AppData\Local\Temp\d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:3780
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
        2⤵
          PID:1584
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
          2⤵
            PID:2680
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
            2⤵
              PID:4280
          • C:\Windows\System32\rundll32.exe
            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            1⤵
              PID:1016
            • C:\Users\Admin\AppData\Local\Temp\d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe
              "C:\Users\Admin\AppData\Local\Temp\d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe"
              1⤵
              • Suspicious use of SetThreadContext
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4772
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                2⤵
                  PID:3460

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\d97e8c4b846f1743bae248137e96b7ed4c241ef71aaa2227347e71f509f0cd78.exe.log
                Filesize

                1KB

                MD5

                810357fda64ba3c74e82ec426afd87bb

                SHA1

                91b0e5127b695b0b83168f93fe8afdaeff370fe9

                SHA256

                ebd611ff388a31540ad2f5b4bde6d1b938e96a7c0e5e6e4c7e2fe9d4d64bca5b

                SHA512

                feab9180f02a60bc7ad1afbd30ec7ef4a4656ae5b21c6070056c4dfd113c5b353b43d9b8b0060feb056cfb13d7215f7ac879e80a208ec945d907f03ff7cf45b5

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Windows (C) - Shortcut.lnk
                Filesize

                542B

                MD5

                e459101f7506beea3a6f30c51efd1f4a

                SHA1

                0e2e232744746feeaa3feb3cdcd766aa715ffd59

                SHA256

                2340cf48e50309f2018d5e97a74bd9ea83490a48ef361a2e8c12a737a80308bb

                SHA512

                915c1e6656312d8c497457ba94c939cb528fbc3f8c3c852b8b13854c7dbcf7657b8a1d030b19ab1b51dec9b1931a7c6cab2638229b9214c78da4e28d09138a89

                Download Submit

              • memory/3460-257-0x0000000000400000-0x0000000000417000-memory.dmp

                Filesize

                92KB

                Download

              • memory/4280-192-0x0000000000400000-0x0000000000417000-memory.dmp

                Filesize

                92KB

                Download

              • memory/4280-197-0x0000000000400000-0x0000000000417000-memory.dmp

                Filesize

                92KB

                Download

              • memory/4280-194-0x0000000000400000-0x0000000000417000-memory.dmp

                Filesize

                92KB

                Download

              • memory/4336-169-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-179-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-141-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-143-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-145-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-147-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-149-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-151-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-153-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-155-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-157-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-159-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-161-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-163-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-165-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-167-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-133-0x00000000748D0000-0x0000000075080000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4336-171-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-173-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-175-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-177-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-140-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-181-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-183-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-185-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-187-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-189-0x0000000005950000-0x0000000005973000-memory.dmp

                Filesize

                140KB

                Download

              • memory/4336-190-0x0000000005990000-0x0000000005991000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4336-191-0x00000000061B0000-0x000000000624C000-memory.dmp

                Filesize

                624KB

                Download

              • memory/4336-139-0x00000000053F0000-0x0000000005400000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4336-138-0x00000000748D0000-0x0000000075080000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4336-196-0x00000000748D0000-0x0000000075080000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4336-137-0x00000000054C0000-0x00000000054D2000-memory.dmp

                Filesize

                72KB

                Download

              • memory/4336-136-0x00000000054E0000-0x0000000005572000-memory.dmp

                Filesize

                584KB

                Download

              • memory/4336-134-0x0000000000850000-0x0000000000A70000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/4336-135-0x00000000059B0000-0x0000000005F54000-memory.dmp

                Filesize

                5.6MB

                Download

              • memory/4772-252-0x0000000005220000-0x0000000005221000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4772-251-0x0000000073C90000-0x0000000074440000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4772-256-0x0000000073C90000-0x0000000074440000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4772-200-0x0000000005240000-0x0000000005250000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4772-199-0x0000000073C90000-0x0000000074440000-memory.dmp

                Filesize

                7.7MB

                Download