Analysis
-
max time kernel
443s -
max time network
1170s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-es -
resource tags
-
submitted
04-06-2024 01:11
General
-
Target
Setup.exe
-
Size
986.1MB
-
MD5
36f96bb2220861f5315f3b4de51105ad
-
SHA1
15fb865cc0949e7ae96e97b59dbaef09f02cf04c
-
SHA256
a72da86eeebd5577083b1b1feb55bbb8fbda6f995bca6f67d53d251c4c8c0791
-
SHA512
866136b4b33d01e4551581aa2d6b41cffcf42539c2df620057b7b7c9c394198f84985e4f1979175b83148422697b895256b816a1afb8c5bb97b860d366338b1b
-
SSDEEP
393216:CEgPTO/bjSeaYI8hxobWiI3+j57lGi0oc:myDpXDwTI3i5JjK
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
540b1db0b12b23e63e6942952aa03e47
C2
http://45.9.74.36/
http://45.9.74.34/
Attributes
-
user_agent
B1D3N_RIM_MY_ASS
xor.plain
Signatures
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer V2 payload 3 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1996-0-0x000000000041E000-0x0000000000E62000-memory.dmpFilesize
10.3MB
-
memory/1996-1-0x0000000001C70000-0x0000000001C71000-memory.dmpFilesize
4KB
-
memory/1996-2-0x0000000001C80000-0x0000000001C81000-memory.dmpFilesize
4KB
-
memory/1996-3-0x0000000000400000-0x0000000001B6C000-memory.dmpFilesize
23.4MB
-
memory/1996-5-0x0000000000400000-0x0000000001B6C000-memory.dmpFilesize
23.4MB
-
memory/1996-6-0x000000000041E000-0x0000000000E62000-memory.dmpFilesize
10.3MB
-
memory/1996-7-0x0000000000400000-0x0000000001B6C000-memory.dmpFilesize
23.4MB