raccoon | fd7b01818107ade3811fe5070491ef2a4bb208ca68bb07710f5c540e44a1e97b

Analysis

Target

test9.exe
Size

552KB
MD5

6b2a1bdeb277bbec7ca7b450787dd2ee
SHA1

62d8acc30d74066aa4e2bd7c30bfa99ad1b4574c
SHA256

fd7b01818107ade3811fe5070491ef2a4bb208ca68bb07710f5c540e44a1e97b
SHA512

cc32e883b9a10d8e774ebec3affeacca7bff573061043d2ef74d638d24977646e3ff3580ddd587e8c6739b2d9b5de0532917e39cc1a20ba2a7c8c3141edcb8af

Score

10^/10

Family

raccoon

Botnet

4a4c4acb62708e2b8f51583787f979bb17da6731

Attributes

url4cnc
http://185.163.204.81/sendmenuw
http://194.180.191.33/sendmenuw
http://174.138.11.98/sendmenuw
http://194.180.191.44/sendmenuw
http://91.219.236.120/sheinl
https://t.me/sendmenuw

rc4.plain

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
suricata
suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
suricata
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3148 4628 WerFault.exe test9.exe

pid	pid_target	process	target process
3148	4628	WerFault.exe	test9.exe

C:\Users\Admin\AppData\Local\Temp\test9.exe
"C:\Users\Admin\AppData\Local\Temp\test9.exe"
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 1284
2⤵
- Program crash
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4628 -ip 4628
1⤵
PID:3952

memory/4628-131-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/4628-132-0x00000000020F0000-0x0000000002182000-memory.dmp

Filesize
584KB

Download
memory/4628-133-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download