Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2024 03:13

General

  • Target

    90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312.exe

  • Size

    226KB

  • MD5

    4382f175e013a9467bbc82148770a623

  • SHA1

    e2aa29c9dd92e67211bb1df92bfe27d16c428074

  • SHA256

    90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312

  • SHA512

    2f3eb4c4c6f0075935f4afc1ae2feb1858d6e0035993071083e6b12b93a4d807cd2b10f7798a948939dec021043ff17c1ea6360015d3fdc375389c370ddfda90

  • SSDEEP

    6144:nXC/Er0LxFr05caPlAiGVAs0NbpzHuSs:nXpr0NFY5dNAiGVSN9zH

Malware Config

Extracted

Family

raccoon

Botnet

63267bc2317b9849c2d512a4e16b0f3b

C2

http://shettester1000.com/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon family
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312.exe
    "C:\Users\Admin\AppData\Local\Temp\90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Users\Admin\AppData\Local\Temp\90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312.exe
      "C:\Users\Admin\AppData\Local\Temp\90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312.exe"
      2⤵
        PID:1556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1556-3-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

    • memory/1556-5-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

    • memory/1556-6-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

    • memory/4980-1-0x00000000006A0000-0x00000000007A0000-memory.dmp

      Filesize

      1024KB

    • memory/4980-2-0x0000000000600000-0x0000000000611000-memory.dmp

      Filesize

      68KB