Analysis

  • max time kernel
    49s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-11-2023 14:25

General

  • Target

    LaunchGenerator.exe

  • Size

    4.3MB

  • MD5

    627d82750b160ef011f454b4f89da531

  • SHA1

    1745c41d2af5b44a628f1eb4e8282343520e6df5

  • SHA256

    d5be51a192a63b24a7bd27cc757b94f414ad9f0ce4af2dcbb5b09a002dbd6b01

  • SHA512

    fc3121856341fd444bcf118fb7cc57bfe0edc4900e349b049f594724371361d1b1fbd4faa6510e6cd6a5fbf4158be25ab55efe634356628da6452d284eb9e0e7

  • SSDEEP

    98304:Ss8+qwJb/57aEHonzWsEReNBFVxEvw4+x6U4TOFEWHrTLZr7UD9ybPNkQBeR/LGK:hWnzWsERKBDC4THz9UD9YeR/y+EiIZsN

Malware Config

Extracted

Family

raccoon

Botnet

a95204dfc046767be08c19284b5fa96b442bac02

Attributes
  • url4cnc

    http://185.163.204.81/yeswemaf

    http://194.180.191.33/yeswemaf

    http://174.138.11.98/yeswemaf

    http://194.180.191.44/yeswemaf

    http://91.219.236.120/yeswemaf

    https://t.me/yeswemaf

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 63 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LaunchGenerator.exe
    "C:\Users\Admin\AppData\Local\Temp\LaunchGenerator.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3744
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3760

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/3472-2-0x00000000000A0000-0x00000000001A0000-memory.dmp

      Filesize

      1024KB

    • memory/3744-1-0x0000000000400000-0x0000000000493000-memory.dmp

      Filesize

      588KB

    • memory/3744-8-0x0000000000400000-0x0000000000493000-memory.dmp

      Filesize

      588KB

    • memory/3760-16-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-11-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-10-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-9-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-15-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-18-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-17-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-19-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-20-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB

    • memory/3760-21-0x000001EAE90C0000-0x000001EAE90C1000-memory.dmp

      Filesize

      4KB