Overview

overview

10

Static

static

1

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1758s
  • max time network
    1809s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-fr
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-frlocale:fr-fros:windows10-2004-x64systemwindows
  • submitted
    11-04-2024 20:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    771.4MB

  • MD5

    ffe8bc9fc555ea52e70a6bc12312fc63

  • SHA1

    588440491cee2058b8b3371992eddee0974f8ebf

  • SHA256

    1563848a0922d9f812561a1de0d283d8f555ff6033859eac55c8bcd3e8384f7e

  • SHA512

    fa48f41d7011f2910f452db2268b5bd5b21a824584fd71a684edaf432252ffd0932d53b86fc12770640e64b9b93e8c84df1e0440c024d0207d521f67eccaff6d

  • SSDEEP

    25165824:snnnnnnnnnnnnnnnnnnnnnpnnnnnnnnnnnnnnnnnnnnnpnnnq:snnnnnnnnnnnnnnnnnnnnnpnnnnnnnnY

Score
10/10
raccoon9860ca26c485252b154e235f5ec11f71stealer

Malware Config

Extracted

Family

raccoon

Botnet

9860ca26c485252b154e235f5ec11f71

C2

http://94.142.138.228:80/

Attributes
  • user_agent

    DuckTales

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V2 payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
      PID:3976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4100 --field-trial-handle=2116,i,12698802542633817476,13099254042843148779,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1712 --field-trial-handle=2116,i,12698802542633817476,13099254042843148779,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:1840

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3976-0-0x0000000000400000-0x0000000000939000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/3976-1-0x0000000000400000-0x0000000000939000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/3976-3-0x0000000000400000-0x0000000000939000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/3976-6-0x0000000000400000-0x0000000000939000-memory.dmp

          Filesize

          5.2MB

          Download