Overview

overview

10

Static

static

3

ae0586d416...fe.exe

windows7-x64

10

ae0586d416...fe.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2023, 09:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ae0586d416a2c1310947a1017c43c0d95b04e80892804b3c61090b2087de0dfe.exe

  • Size

    17.6MB

  • MD5

    1fbf52eb4aa5fb5609bb63535e283835

  • SHA1

    a96aa7fb149885cbdbf1dd3fc529c003c82f6cbb

  • SHA256

    ae0586d416a2c1310947a1017c43c0d95b04e80892804b3c61090b2087de0dfe

  • SHA512

    41e70df4b62465849bd10cd48d8e8966721575e3ede2c7c07b1e511fbd864687e1095a0351f80361cf2f69946b7fcc519e4bddd4e5a24126f05a0d747bbadb56

  • SSDEEP

    393216:bu8SVoCsr12eyexwQ+/bDiZJKIIbsSSUmAWFPx/UQ0:bu8SVoCJeyexwVzcIoVA4Px/T0

Score
10/10
raccoon8c43462d3009db225c4c0889737572cdstealer

Malware Config

Extracted

Family

raccoon

Botnet

8c43462d3009db225c4c0889737572cd

C2

http://94.142.138.49:80/

http://94.142.138.108:80/
Attributes
  • user_agent

    DuckTales

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae0586d416a2c1310947a1017c43c0d95b04e80892804b3c61090b2087de0dfe.exe
    "C:\Users\Admin\AppData\Local\Temp\ae0586d416a2c1310947a1017c43c0d95b04e80892804b3c61090b2087de0dfe.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4988

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4988-0-0x0000000003B60000-0x0000000003B61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-1-0x0000000003B70000-0x0000000003B71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-2-0x0000000000400000-0x0000000001E41000-memory.dmp

          Filesize

          26.3MB

          Download

        • memory/4988-4-0x0000000003BB0000-0x0000000003BB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-5-0x0000000003BC0000-0x0000000003BC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-3-0x0000000003B80000-0x0000000003B81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-7-0x0000000003BE0000-0x0000000003BE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-6-0x0000000003BD0000-0x0000000003BD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-9-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4988-8-0x0000000000400000-0x0000000001E41000-memory.dmp

          Filesize

          26.3MB

          Download

        • memory/4988-12-0x0000000000400000-0x0000000001E41000-memory.dmp

          Filesize

          26.3MB

          Download