Analysis
max time kernel: 141s
max time network: 126s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2024 04:48
Static task: static1
Behavioral task: behavioral1
  Sample: 04c19789a1716d3e4c4596d2369b040b0b56f3e925950dfbe75403fcfa0cf403.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 04c19789a1716d3e4c4596d2369b040b0b56f3e925950dfbe75403fcfa0cf403.exe
  Resource: win10v2004-20241007-en
General
Target: 04c19789a1716d3e4c4596d2369b040b0b56f3e925950dfbe75403fcfa0cf403.exe
Size: 585KB
MD5: 6136478ca6237eb48dd53d67e63284ff
SHA1: 45c9935633d4000c61613639d567a5a1689ef42c
SHA256: 04c19789a1716d3e4c4596d2369b040b0b56f3e925950dfbe75403fcfa0cf403
SHA512: 52d5be544a0a2bc6f9f5dbad1b0a0754629ab0f6d1955a30dd16282e7b6e951e68c5bcff5f4bbc8e6025522f0f8f7c5ceac510f4124ea28706f06b336ba91e9a
SSDEEP: 12288:mjn73hDQYS0ZKSS9279jgpohT+xt3/oc28vaFkfoMX:iNUYS0MSSsR+xtvoc28AoF
Malware Config
Extracted
raccoon
1.8.5
d115c43f4d2f6c8bf988876d36a853fc73a3025e
url4cnc
Signatures
Raccoon Stealer V1 payload 6 IoCs
resource | yara_rule
behavioral1/memory/2380-2-0x0000000000330000-0x00000000003C2000-memory.dmp | family_raccoon_v1
behavioral1/memory/2380-3-0x0000000000400000-0x0000000000494000-memory.dmp | family_raccoon_v1
behavioral1/memory/2380-6-0x0000000000330000-0x00000000003C2000-memory.dmp | family_raccoon_v1
behavioral1/memory/2380-5-0x0000000000400000-0x000000000061A000-memory.dmp | family_raccoon_v1
behavioral1/memory/2380-7-0x0000000000400000-0x0000000000494000-memory.dmp | family_raccoon_v1
behavioral1/memory/2380-13-0x0000000000400000-0x000000000061A000-memory.dmp | family_raccoon_v1
Raccoon family
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 04c19789a1716d3e4c4596d2369b040b0b56f3e925950dfbe75403fcfa0cf403.exe