Analysis Overview
SHA256
4eb1537b1b1fac89e3a5b1c40b80500a6385e3a3601ec903971d88fa00740232
Threat Level: Known bad
The file 2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader was found to be: Known bad.
Malicious Activity Summary
Raccoon
Raccoon Stealer V1 payload
Raccoon family
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-20 13:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-20 13:31
Reported
2025-03-20 13:34
Platform
win7-20240903-en
Max time kernel
150s
Max time network
145s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Raccoon family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | telete.in | udp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | tcp | |
| US | 199.59.243.228:443 | tcp |
Files
memory/2328-1-0x0000000000270000-0x0000000000370000-memory.dmp
memory/2328-2-0x0000000000A10000-0x0000000000AA3000-memory.dmp
memory/2328-3-0x0000000000400000-0x0000000000495000-memory.dmp
memory/2328-4-0x0000000000270000-0x0000000000370000-memory.dmp
memory/2328-5-0x0000000000A10000-0x0000000000AA3000-memory.dmp
memory/2328-7-0x0000000000400000-0x0000000000495000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-20 13:31
Reported
2025-03-20 13:34
Platform
win10v2004-20250314-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Raccoon family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-20_a6ee68a3af1a97be5140f8bbe8e1951f_amadey_rhadamanthys_sakula_smoke-loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | telete.in | udp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
| US | 199.59.243.228:443 | telete.in | tcp |
Files
memory/452-1-0x0000000000AF0000-0x0000000000BF0000-memory.dmp
memory/452-2-0x0000000002830000-0x00000000028C3000-memory.dmp
memory/452-3-0x0000000000400000-0x0000000000495000-memory.dmp
memory/452-4-0x0000000000AF0000-0x0000000000BF0000-memory.dmp
memory/452-6-0x0000000002830000-0x00000000028C3000-memory.dmp
memory/452-7-0x0000000000400000-0x0000000000495000-memory.dmp