Analysis
- max time kernel: 33s
- max time network: 35s
- platform: windows10-2004_x64
- resource: win10v2004-20250314-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/03/2025, 20:32
Behavioral task
behavioral1
Sample
0.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
0.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
1.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
1.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral5
Sample
3.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
3.exe
Resource
win10v2004-20250314-en
General
- Target: 0.exe
- Size: 449KB
- MD5: 7b20f5c61780fe383f45ca6e18ed5a6a
- SHA1: bc9bfd59f0cde312cd9a0d20784887fed9b8c836
- SHA256: 26ccbcb079b3f0cc183293351c40da3146d2ddec9b4d6cd314090cfab94834df
- SHA512: 8a63f6ad20fe18bd49d055ae05bc81fe30d0ebfb25a37428b17b43569b53bf2560f0de8f993f62a2f5d458db78e6d24ad71fca8d7fd1133d3cb499dff356e68b
- SSDEEP: 12288:r7fSQUrrX/pC2Hwxx/Pb1JTUPd0o7Vzl:rzynxmPrrTUPdL7VJ
Malware Config
Extracted
raccoon
4ea2de23519e3f57fa6e68e00db8cdfa44e74741
- url4cnc: https://telete.in/char0nsevenll
Signatures
- Raccoon Stealer V1 payload 5 IoCs
  resource | yara_rule
  behavioral2/memory/3920-2-0x00000000037A0000-0x0000000003830000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3920-3-0x0000000000400000-0x0000000000493000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3920-5-0x00000000037A0000-0x0000000003830000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3920-7-0x0000000000400000-0x0000000000493000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3920-6-0x0000000000400000-0x00000000032DB000-memory.dmp | family_raccoon_v1
- Raccoon family
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 0.exe