raccoon | f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23 | Triage

Analysis

max time kernel
150s
max time network
202s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 12:00

Sharing

Report Analysis Logs

General

Target

f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe
Size

485KB
MD5

27cec817124201e08ee60d926bea66ef
SHA1

427111ee74090bbd8a2b86ddd29c740a0a94499b
SHA256

f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23
SHA512

59dd4dc14e298dc4e9074fcbc61d3a4d2270d4e4b0d68b8c67dc1ea6f4c1b440a6027509544aa797c9499eb021323cd952d468f5e15e794095e9005fdfb2e6da

Score

10^/10

raccoon 6938776b562423d4bb3bb6212e33389ee65fde1c stealer

Malware Config

Extracted

Family

raccoon

Botnet

6938776b562423d4bb3bb6212e33389ee65fde1c

Attributes

url4cnc
https://telete.in/j_1hannibal

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1928-56-0x0000000000220000-0x00000000002B1000-memory.dmp	family_raccoon
behavioral1/memory/1928-57-0x0000000000400000-0x0000000004DF5000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe
"C:\Users\Admin\AppData\Local\Temp\f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe"
1⤵
PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-54-0x0000000075941000-0x0000000075943000-memory.dmp

Filesize
8KB

Download
memory/1928-55-0x0000000004F5B000-0x0000000004FAC000-memory.dmp

Filesize
324KB

Download
memory/1928-56-0x0000000000220000-0x00000000002B1000-memory.dmp

Filesize
580KB

Download
memory/1928-57-0x0000000000400000-0x0000000004DF5000-memory.dmp

Filesize
74.0MB

Download