Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/02/2025, 09:43 UTC

General

  • Target

    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe

  • Size

    411KB

  • MD5

    fcd45147067fa6a6bdfc9a7fe59a4ef7

  • SHA1

    3d87ce5a741dfdb6ef32bd1f0adabac6bd3267a6

  • SHA256

    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6

  • SHA512

    4919a9239ef8756b6ba89e44014443b71c16d44a15bb1399cdbe58151da94a0c2c2f115b9426072153b7d0b24ae543a34a2240b201f3ff431e10f1281b0b9249

  • SSDEEP

    6144:OmQDk3/qrGIWKC6/ZiIuudpyZru4D8yoy5txyxR52S2ZYLIaOjxQRTPI+5N7v:u6AGIWh6/ZBuu+1VYUdGTzjLuxKP

Malware Config

Extracted

Family

raccoon

Botnet

d0a4bfbf53b7cfb0f2c36ea3dac687a23a8d514e

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo

  • rc4.plain (1)

    1@zFg08*@45

  • rc4.plain (1)

    40e64d6e664770e47e1d7c0c33438f72

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload 5 IoCs
  • Raccoon family
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    "C:\Users\Admin\AppData\Local\Temp\9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 924
      • Program crash
      PID:2716

Network

  • [US]
    DNS
    drive.google.com
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    Remote address:
    8.8.8.8:53
    Request
    drive.google.com
    IN A
    Response
    drive.google.com
    IN A
    142.250.179.238
  • [GB]
    GET
    https://drive.google.com/uc?export=download&id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    Remote address:
    142.250.179.238:443
    Request
    GET /uc?export=download&id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Host: drive.google.com
    Response
    HTTP/1.1 303 See Other
    Content-Type: application/binary
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Fri, 14 Feb 2025 09:43:40 GMT
    Location: https://drive.usercontent.google.com/download?id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo&export=download
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: script-src 'report-sample' 'nonce--Oz46WD1jkVu29OB5W0vzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Cross-Origin-Opener-Policy: same-origin
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • [US]
    DNS
    drive.usercontent.google.com
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    Remote address:
    8.8.8.8:53
    Request
    drive.usercontent.google.com
    IN A
    Response
    drive.usercontent.google.com
    IN A
    216.58.213.1
  • [GB]
    GET
    https://drive.usercontent.google.com/download?id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo&export=download
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    Remote address:
    216.58.213.1:443
    Request
    GET /download?id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo&export=download HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: drive.usercontent.google.com
    Response
    HTTP/1.1 404 Not Found
    X-GUploader-UploadID: AHMx-iGv8xKNyZd12gIGmcPrsOG7E4tuuqgzUEgKIE3sDl3HjDEe48NX_rUmrR8WU29pWRso
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Fri, 14 Feb 2025 09:43:40 GMT
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-zG4JMpwHmGXwxsX1T1QWJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Opener-Policy: same-origin
    Content-Length: 1652
    Server: UploadServer
    Set-Cookie: NID=521=Tzv0lsYoGJByotVPqSo4yMHJRCKbPebAEpU3o1pz9pa_3kkTAyhmGInyP5kzStosIAYSQ711_6R3l4PZaiETNLQ1Yp9Wm8YWjKFaxCiCRWY0okuQG2Qx0diQPhLcvSUEupbSaTSSMmpcKcyusYoxJLihJDbsEBtj3XZEJ7y0J3P5rspYzW2RsunHSA; expires=Sat, 16-Aug-2025 09:43:40 GMT; path=/; domain=.google.com; HttpOnly
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
  • 142.250.179.238:443
    https://drive.google.com/uc?export=download&id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo
    tls, http
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    1.2kB
    8.5kB
    11
    11

    HTTP Request

    GET https://drive.google.com/uc?export=download&id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo

    HTTP Response

    303
  • 216.58.213.1:443
    https://drive.usercontent.google.com/download?id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo&export=download
    tls, http
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    979 B
    8.4kB
    11
    14

    HTTP Request

    GET https://drive.usercontent.google.com/download?id=1bFIJe6mzezYRts1ADNHaG0Wi8T1yMIYo&export=download

    HTTP Response

    404
  • 8.8.8.8:53
    drive.google.com
    dns
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    62 B
    78 B
    1
    1

    DNS Request

    drive.google.com

    DNS Response

    142.250.179.238

  • 8.8.8.8:53
    drive.usercontent.google.com
    dns
    9d873ac495f066a7946ef46fa40276d7c639b025139b90343ec9c5518bf010a6.exe
    74 B
    90 B
    1
    1

    DNS Request

    drive.usercontent.google.com

    DNS Response

    216.58.213.1

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2708-1-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB

  • memory/2708-2-0x0000000000220000-0x00000000002A0000-memory.dmp

    Filesize

    512KB

  • memory/2708-3-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

  • memory/2708-4-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

  • memory/2708-5-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

  • memory/2708-7-0x0000000000220000-0x00000000002A0000-memory.dmp

    Filesize

    512KB

  • memory/2708-6-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB
