Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/11/2024, 21:08 UTC

General

  • Target

    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe

  • Size

    513KB

  • MD5

    ee9b26fbb31bdfe4a8f580e2d9b7d456

  • SHA1

    b7db67aa207ec71aa3585c9ea24df7feaf5f33f6

  • SHA256

    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569

  • SHA512

    22014d742f767209248837f1d76fea84d0195793fdfc54eb9a506f6e428dd77aa1fcb78ce594a026b30206ea31043079dc768ef17c62ad618e5b329dc4d6441d

  • SSDEEP

    12288:QFwCxfP1WYfrLD4oCOeOzp2md5lFOAxDW:IV18YXz/cMFOAA

Malware Config

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes
  • url4cnc

    http://telegatt.top/agrybirdsgamerept

    http://telegka.top/agrybirdsgamerept

    http://telegin.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

  • rc4.plain
    iV8+pT5$yP7{
  • rc4.plain
    25ef3d2ceb7c85368a843a6d0ff8291d

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload 5 IoCs
  • Raccoon family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    "C:\Users\Admin\AppData\Local\Temp\dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe"
    PID:1540
    • System Location Discovery: System Language Discovery

Network

  • flag-us
    DNS
    telegatt.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    8.8.8.8:53
    Request
    telegatt.top
    IN A
    Response
  • flag-us
    DNS
    telegka.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    8.8.8.8:53
    Request
    telegka.top
    IN A
    Response
    telegka.top
    IN A
    107.178.223.183
    telegka.top
    IN A
    104.155.138.21
  • flag-us
    GET
    http://telegka.top/agrybirdsgamerept
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    107.178.223.183:80
    Request
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telegka.top
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
  • flag-us
    GET
    http://telegka.top/agrybirdsgamerept
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    107.178.223.183:80
    Request
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telegka.top
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
  • flag-us
    GET
    http://telegka.top/agrybirdsgamerept
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    107.178.223.183:80
    Request
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telegka.top
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
  • flag-us
    GET
    http://telegka.top/agrybirdsgamerept
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    104.155.138.21:80
    Request
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telegka.top
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
  • flag-us
    GET
    http://telegka.top/agrybirdsgamerept
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    107.178.223.183:80
    Request
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telegka.top
    Response
    HTTP/1.1 200 OK
    Content-Length: 0
  • flag-us
    DNS
    telegin.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    Remote address:
    8.8.8.8:53
    Request
    telegin.top
    IN A
    Response
  • 107.178.223.183:80
    http://telegka.top/agrybirdsgamerept
    http
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    530 B
    290 B
    8
    6

    HTTP Request

    GET http://telegka.top/agrybirdsgamerept

    HTTP Response

    200
  • 107.178.223.183:80
    http://telegka.top/agrybirdsgamerept
    http
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    484 B
    290 B
    7
    6

    HTTP Request

    GET http://telegka.top/agrybirdsgamerept

    HTTP Response

    200
  • 107.178.223.183:80
    http://telegka.top/agrybirdsgamerept
    http
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    392 B
    250 B
    5
    5

    HTTP Request

    GET http://telegka.top/agrybirdsgamerept

    HTTP Response

    200
  • 107.178.223.183:80
    telegka.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    152 B
    3
  • 104.155.138.21:80
    http://telegka.top/agrybirdsgamerept
    http
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    392 B
    250 B
    5
    5

    HTTP Request

    GET http://telegka.top/agrybirdsgamerept

    HTTP Response

    200
  • 107.178.223.183:80
    telegka.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    152 B
    3
  • 104.155.138.21:80
    telegka.top
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    152 B
    3
  • 107.178.223.183:80
    http://telegka.top/agrybirdsgamerept
    http
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    392 B
    250 B
    5
    5

    HTTP Request

    GET http://telegka.top/agrybirdsgamerept

    HTTP Response

    200
  • 8.8.8.8:53
    telegatt.top
    dns
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    58 B
    128 B
    1
    1

    DNS Request

    telegatt.top

  • 8.8.8.8:53
    telegka.top
    dns
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    57 B
    89 B
    1
    1

    DNS Request

    telegka.top

    DNS Response

    107.178.223.183
    104.155.138.21

  • 8.8.8.8:53
    telegin.top
    dns
    dac8ee3a0aae52a2e9b5bbf307606966c5174651391cf573a7af72c4a0eb2569.exe
    57 B
    127 B
    1
    1

    DNS Request

    telegin.top

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1540-0-0x0000000000280000-0x00000000002CE000-memory.dmp

    Filesize

    312KB

  • memory/1540-1-0x0000000002FC0000-0x000000000304E000-memory.dmp

    Filesize

    568KB

  • memory/1540-2-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

  • memory/1540-3-0x0000000000280000-0x00000000002CE000-memory.dmp

    Filesize

    312KB

  • memory/1540-4-0x0000000000400000-0x0000000002F47000-memory.dmp

    Filesize

    43.3MB

  • memory/1540-5-0x0000000002FC0000-0x000000000304E000-memory.dmp

    Filesize

    568KB

  • memory/1540-6-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB
