raccoon | f2551d6506bebf6a9522f1fef7764f483214f8baee5595957dc80472f0b43b05

Analysis

Target

f2551d6506bebf6a9522f1fef7764f483214f8baee5595957dc80472f0b43b05.exe
Size

482KB
MD5

82c49dd2427383d22d1e836e2adfd266
SHA1

9800e2b9e792e3f75aa34b65ba9a1f47b4371862
SHA256

f2551d6506bebf6a9522f1fef7764f483214f8baee5595957dc80472f0b43b05
SHA512

667832b086a226e09fce07d8c24cdff287a88821a7b026490ba27db5db1f90f3aa3af7d97ad76fb6ddd707fa294373c75366ae55ecaa3a8325f72af3fca4912a

Score

10^/10

Family

raccoon

Botnet

ef5c4ae6eecb3be16c1e2f8bfa015718d26593aa

Attributes

rc4.plain

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1068-57-0x0000000000310000-0x00000000003A0000-memory.dmp	family_raccoon
behavioral1/memory/1068-58-0x0000000000400000-0x00000000009C9000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\f2551d6506bebf6a9522f1fef7764f483214f8baee5595957dc80472f0b43b05.exe
"C:\Users\Admin\AppData\Local\Temp\f2551d6506bebf6a9522f1fef7764f483214f8baee5595957dc80472f0b43b05.exe"
1⤵
PID:1068

memory/1068-54-0x0000000000AC9000-0x0000000000B19000-memory.dmp

Filesize
320KB

Download
memory/1068-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download
memory/1068-57-0x0000000000310000-0x00000000003A0000-memory.dmp

Filesize
576KB

Download
memory/1068-56-0x0000000000AC9000-0x0000000000B19000-memory.dmp

Filesize
320KB

Download
memory/1068-58-0x0000000000400000-0x00000000009C9000-memory.dmp

Filesize
5.8MB

Download