Overview

overview

10

Static

static

3

F0nts/DL/Winzip.exe

windows7-x64

4

F0nts/DL/Winzip.exe

windows10-2004-x64

1

F0nts/Lang...ip.exe

windows7-x64

1

F0nts/Lang...ip.exe

windows10-2004-x64

1

F0nts/Nita/Winzip.exe

windows7-x64

1

F0nts/Nita/Winzip.exe

windows10-2004-x64

1

F0nts/Rupo/Winzip.exe

windows7-x64

1

F0nts/Rupo/Winzip.exe

windows10-2004-x64

1

F0nts/Tire/Winzip.exe

windows7-x64

1

F0nts/Tire/Winzip.exe

windows10-2004-x64

1

F0nts/erro...ip.exe

windows7-x64

1

F0nts/erro...ip.exe

windows10-2004-x64

1

LaNgz/Winzip.exe

windows7-x64

1

LaNgz/Winzip.exe

windows10-2004-x64

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    839s
  • max time network
    845s
  • platform
    windows7_x64
  • resource
    win7-20240221-es
  • resource tags

    arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    04-06-2024 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    986.1MB

  • MD5

    36f96bb2220861f5315f3b4de51105ad

  • SHA1

    15fb865cc0949e7ae96e97b59dbaef09f02cf04c

  • SHA256

    a72da86eeebd5577083b1b1feb55bbb8fbda6f995bca6f67d53d251c4c8c0791

  • SHA512

    866136b4b33d01e4551581aa2d6b41cffcf42539c2df620057b7b7c9c394198f84985e4f1979175b83148422697b895256b816a1afb8c5bb97b860d366338b1b

  • SSDEEP

    393216:CEgPTO/bjSeaYI8hxobWiI3+j57lGi0oc:myDpXDwTI3i5JjK

Score
10/10
raccoon540b1db0b12b23e63e6942952aa03e47stealer

Malware Config

Extracted

Family

raccoon

Botnet

540b1db0b12b23e63e6942952aa03e47

C2

http://45.9.74.36/

http://45.9.74.34/
Attributes
  • user_agent

    B1D3N_RIM_MY_ASS

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V2 payload 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2492-0-0x000000000041E000-0x0000000000E62000-memory.dmp
    Filesize

    10.3MB

    Download
  • memory/2492-12-0x0000000000400000-0x0000000001B6C000-memory.dmp
    Filesize

    23.4MB

    Download
  • memory/2492-10-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-8-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-6-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-5-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-3-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-1-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2492-13-0x0000000000400000-0x0000000001B6C000-memory.dmp
    Filesize

    23.4MB

    Download
  • memory/2492-14-0x0000000000400000-0x0000000001B6C000-memory.dmp
    Filesize

    23.4MB

    Download
  • memory/2492-15-0x000000000041E000-0x0000000000E62000-memory.dmp
    Filesize

    10.3MB

    Download
  • memory/2492-16-0x0000000000400000-0x0000000001B6C000-memory.dmp
    Filesize

    23.4MB

    Download