raccoon | f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23 | Triage

Analysis

max time kernel
189s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-05-2022 12:00

Sharing

Report Analysis Logs

General

Target

f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe
Size

485KB
MD5

27cec817124201e08ee60d926bea66ef
SHA1

427111ee74090bbd8a2b86ddd29c740a0a94499b
SHA256

f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23
SHA512

59dd4dc14e298dc4e9074fcbc61d3a4d2270d4e4b0d68b8c67dc1ea6f4c1b440a6027509544aa797c9499eb021323cd952d468f5e15e794095e9005fdfb2e6da

Score

10^/10

raccoon 6938776b562423d4bb3bb6212e33389ee65fde1c stealer

Malware Config

Extracted

Family

raccoon

Botnet

6938776b562423d4bb3bb6212e33389ee65fde1c

Attributes

url4cnc
https://telete.in/j_1hannibal

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2360-131-0x0000000006B60000-0x0000000006BF1000-memory.dmp	family_raccoon
behavioral2/memory/2360-132-0x0000000000400000-0x0000000004DF5000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe
"C:\Users\Admin\AppData\Local\Temp\f838af1b47541fd2fabba97dc00b9014776f4d2f04a709d56d1f3fbe38588b23.exe"
1⤵
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2360-130-0x0000000004F58000-0x0000000004FA9000-memory.dmp

Filesize
324KB

Download
memory/2360-131-0x0000000006B60000-0x0000000006BF1000-memory.dmp

Filesize
580KB

Download
memory/2360-132-0x0000000000400000-0x0000000004DF5000-memory.dmp

Filesize
74.0MB

Download