raccoon | 5c812bf6cabc1a39dd3755f7855839a438fc500274c5cbaecbe85a3e7ca64a32 | Triage

Analysis

max time kernel
161s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
07-05-2022 23:27

Sharing

Report Analysis Logs

General

Target

5c812bf6cabc1a39dd3755f7855839a438fc500274c5cbaecbe85a3e7ca64a32.exe
Size

381KB
MD5

1032a4533fd0ca99b6df7f5da8c3c49e
SHA1

c5a49a7757971253080e63120ddfea33a9251a30
SHA256

5c812bf6cabc1a39dd3755f7855839a438fc500274c5cbaecbe85a3e7ca64a32
SHA512

bbbc0043e4901d2090725d9a66881f83fdc27869f81353d073ba0b18a58766cef613adc558df915c3f3f1a5a037e5d0547d3d1e69b9dbb962ff1a5a036ae9298

Score

10^/10

raccoon e2aa166910287dc974f86ca4070f524ebcc126ee stealer

Malware Config

Extracted

Family

raccoon

Botnet

e2aa166910287dc974f86ca4070f524ebcc126ee

Attributes

url4cnc
https://telete.in/bpa1010100102

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4936-131-0x0000000000FC0000-0x0000000001051000-memory.dmp	family_raccoon
behavioral2/memory/4936-132-0x0000000000400000-0x0000000000FBD000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\5c812bf6cabc1a39dd3755f7855839a438fc500274c5cbaecbe85a3e7ca64a32.exe
"C:\Users\Admin\AppData\Local\Temp\5c812bf6cabc1a39dd3755f7855839a438fc500274c5cbaecbe85a3e7ca64a32.exe"
1⤵
PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4936-130-0x0000000001072000-0x00000000010C2000-memory.dmp

Filesize
320KB

Download
memory/4936-131-0x0000000000FC0000-0x0000000001051000-memory.dmp

Filesize
580KB

Download
memory/4936-132-0x0000000000400000-0x0000000000FBD000-memory.dmp

Filesize
11.7MB

Download