raccoon | fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1 | Triage

Analysis

max time kernel
189s
max time network
195s
platform
windows7_x64
resource
win7-20220414-en
submitted
10-05-2022 18:54

Sharing

Report Analysis Logs

General

Target

fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
Size

373KB
MD5

7e4a9d30bf65de75262cb1bce111dfb7
SHA1

5394765f6a6ce97d1450f18103291bb4eb164dc8
SHA256

fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1
SHA512

e5e132b10e546ed0a272c2bf27ca4517804c95e572415de7c6f4cbeeca346aa9f7127e8ed5fc1adfbe252f892c37cac9dabed6bafb968fa3918851bed86065fb

Score

10^/10

raccoon 42069a99036f7acbe85c9bc67fe3207cd01fb3fc stealer

Malware Config

Extracted

Family

raccoon

Botnet

42069a99036f7acbe85c9bc67fe3207cd01fb3fc

Attributes

url4cnc
https://telete.in/jagressor_kz

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1940-56-0x0000000000340000-0x00000000003D0000-memory.dmp	family_raccoon
behavioral1/memory/1940-57-0x0000000000400000-0x0000000000FBA000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
"C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe"
1⤵
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/1940-56-0x0000000000340000-0x00000000003D0000-memory.dmp

Filesize
576KB

Download
memory/1940-55-0x00000000010EB000-0x000000000113C000-memory.dmp

Filesize
324KB

Download
memory/1940-57-0x0000000000400000-0x0000000000FBA000-memory.dmp

Filesize
11.7MB

Download