Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

028d53f522...fa.exe

windows7-x64

10

028d53f522...fa.exe

windows10-2004-x64

10

Bot_Checker.exe

windows7-x64

3

Bot_Checker.exe

windows10-2004-x64

7

Uninstall.exe

windows7-x64

3

Uninstall.exe

windows10-2004-x64

7

Versium.exe

windows7-x64

7

Versium.exe

windows10-2004-x64

7

VersiumRes...it.exe

windows7-x64

10

VersiumRes...it.exe

windows10-2004-x64

10

VersiumRes...it.exe

windows7-x64

1

VersiumRes...it.exe

windows10-2004-x64

1

Versiumresearch.exe

windows7-x64

6

Versiumresearch.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/11/2024, 11:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VersiumResearch32bit.exe

  • Size

    504KB

  • MD5

    8479bce60218cd871c118308ded82d39

  • SHA1

    0388ec861b2ac5c7f4dc6eed249d92d3002fe66e

  • SHA256

    15078be80772a449383c5f6a7631955039b82ebaf507ab67e61093b70b98dc43

  • SHA512

    f4be47baee6baeacbe1e27174ad83700efc78ab2d02262d718c7436d2304fc16618a5911bed63ed8d2e947af3c511d17b77ddfccea9a4e6aab9f3956fcf322f8

  • SSDEEP

    12288:KZCvp4LezCdIzVgs4Bi9ecBTBB85c50J3FTI:KZuKezCqzVgsy8acqBI

Score
10/10
raccoon5c07c7a19b0c108c44d95accd1e1b897aa1528e1discoverystealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

5c07c7a19b0c108c44d95accd1e1b897aa1528e1

Attributes
  • url4cnc

    https://telete.in/fsp1boomgasio

rc4.plain
1
$Z2s`ten\@bE9vzR
rc4.plain
1
0818c9d32bb7252a454d53f8239c55e6

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 5 IoCs
  • Raccoon family
    raccoon
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\VersiumResearch32bit.exe
    "C:\Users\Admin\AppData\Local\Temp\VersiumResearch32bit.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1660

Network

  • flag-us
    DNS
    telete.in
    VersiumResearch32bit.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    199.59.243.227
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    435 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    386 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    435 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    386 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    441 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    487 B
     306 B
     8
    7
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    386 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    VersiumResearch32bit.exe
    288 B
     219 B
     5
    5
  • 8.8.8.8:53
    telete.in
    dns
    VersiumResearch32bit.exe
    55 B
     71 B
     1
    1

    DNS Request

    telete.in

    DNS Response

    199.59.243.227

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-1-0x0000000002E70000-0x0000000002F70000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1660-2-0x0000000000220000-0x00000000002B3000-memory.dmp

    Filesize

    588KB

    Download

  • memory/1660-3-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/1660-4-0x0000000002E70000-0x0000000002F70000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1660-5-0x0000000000220000-0x00000000002B3000-memory.dmp

    Filesize

    588KB

    Download

  • memory/1660-7-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/1660-6-0x0000000000400000-0x0000000002CB4000-memory.dmp

    Filesize

    40.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.