Overview

overview

10

Static

static

3

0203ee4a42...cd.exe

windows7-x64

1

0203ee4a42...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-05-2024 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0203ee4a4252b78a17796e7e4832dcfb921051b87e4a727eae172ea13d9424cd.exe

  • Size

    6.7MB

  • MD5

    94bda0c9325b4655f5d422092b7e685f

  • SHA1

    5440a1d577194fb53cef821008853eabf77c4b5a

  • SHA256

    0203ee4a4252b78a17796e7e4832dcfb921051b87e4a727eae172ea13d9424cd

  • SHA512

    5e7bc7414074abec96a43b2bd5d0533491780ccff9303be26bcd3e25c7cb3faf1e05669ccb63c7808f6f7fd69ee90f5d46be770a870bb194b79be5c9b42f3243

  • SSDEEP

    196608:Sp460oG0zsP9fCoHMk79G/acvXVTLSNK:W454zswoZG/VTL

Score
10/10
raccoond6963f7081d7100d9b653c14683abd5estealer

Malware Config

Extracted

Family

raccoon

Botnet

d6963f7081d7100d9b653c14683abd5e

C2

http://185.25.51.5

http://185.25.51.6

http://213.252.244.5
Attributes
  • user_agent

    23591

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V2 payload 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0203ee4a4252b78a17796e7e4832dcfb921051b87e4a727eae172ea13d9424cd.exe
    "C:\Users\Admin\AppData\Local\Temp\0203ee4a4252b78a17796e7e4832dcfb921051b87e4a727eae172ea13d9424cd.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5244-0-0x000000000041E000-0x00000000007AB000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/5244-2-0x0000000000F00000-0x0000000000F01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5244-3-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/5244-1-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5244-5-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/5244-6-0x000000000041E000-0x00000000007AB000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/5244-7-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/5244-8-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/5244-9-0x000000000041E000-0x00000000007AB000-memory.dmp

    Filesize

    3.6MB

    Download