raccoon | 7116331436a96122d32c8dbfef9c7e78b5f1c3084b03105626f2ce4b8a5235eb | Triage

Analysis

max time kernel
168s
max time network
199s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 14:49

Sharing

Report Analysis Logs

General

Target

7116331436a96122d32c8dbfef9c7e78b5f1c3084b03105626f2ce4b8a5235eb.exe
Size

467KB
MD5

bf6e1e17b6afd813f73c7cffd16eb778
SHA1

017522977cbe8f44e829dfade75b22d161574695
SHA256

7116331436a96122d32c8dbfef9c7e78b5f1c3084b03105626f2ce4b8a5235eb
SHA512

3a49b43e6b5e3c4680f84d766a057a042b5f3bbfca19eafa931d7ac48f1f798f626042d61f2a7f6d8a2143c7e915f72a6bb2bd6d87e58dabf75ca0ab021fccb0

Score

10^/10

raccoon 5b9507f31300da17ee8b8729dce2bce0de872f9e stealer

Malware Config

Extracted

Family

raccoon

Botnet

5b9507f31300da17ee8b8729dce2bce0de872f9e

Attributes

url4cnc
https://telete.in/j_1hannibal

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1960-56-0x0000000000220000-0x00000000002B0000-memory.dmp	family_raccoon
behavioral1/memory/1960-57-0x0000000000400000-0x0000000004DF1000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\7116331436a96122d32c8dbfef9c7e78b5f1c3084b03105626f2ce4b8a5235eb.exe
"C:\Users\Admin\AppData\Local\Temp\7116331436a96122d32c8dbfef9c7e78b5f1c3084b03105626f2ce4b8a5235eb.exe"
1⤵
PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-54-0x0000000075DB1000-0x0000000075DB3000-memory.dmp

Filesize
8KB

Download
memory/1960-55-0x0000000004F9B000-0x0000000004FEC000-memory.dmp

Filesize
324KB

Download
memory/1960-56-0x0000000000220000-0x00000000002B0000-memory.dmp

Filesize
576KB

Download
memory/1960-57-0x0000000000400000-0x0000000004DF1000-memory.dmp

Filesize
73.9MB

Download