raccoon | 4613c25bd3e60c4a8c60300607f6fa149c888be67c6531990a46daa0753a35f0 | Triage

Analysis

max time kernel
166s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 03:28

Sharing

Report Analysis Logs

General

Target

4613c25bd3e60c4a8c60300607f6fa149c888be67c6531990a46daa0753a35f0.exe
Size

450KB
MD5

d9c1b78925b9ed6683c965c6a2c1e6cb
SHA1

3690da86e67e4e50da7753f05e5c82ed2d88fc42
SHA256

4613c25bd3e60c4a8c60300607f6fa149c888be67c6531990a46daa0753a35f0
SHA512

c63c72dc97b188149b8afca7ad29ef2fd1d936fe4d24874ff06dca746aa902e6e2f863f5673b07d57d172a5ec00e5a4c962d33f86e17f12a72b5c1726e2308e1

Score

10^/10

raccoon 2fbc1001a29b36fd46b399b989fcebb70b3928d8 stealer

Malware Config

Extracted

Family

raccoon

Botnet

2fbc1001a29b36fd46b399b989fcebb70b3928d8

Attributes

url4cnc
https://telete.in/iscommon13

rc4.plain

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon

Raccoon Stealer Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1600-131-0x0000000003570000-0x0000000003600000-memory.dmp	family_raccoon
behavioral2/memory/1600-132-0x0000000000400000-0x00000000032DB000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\4613c25bd3e60c4a8c60300607f6fa149c888be67c6531990a46daa0753a35f0.exe
"C:\Users\Admin\AppData\Local\Temp\4613c25bd3e60c4a8c60300607f6fa149c888be67c6531990a46daa0753a35f0.exe"
1⤵
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-130-0x0000000003617000-0x0000000003667000-memory.dmp

Filesize
320KB

Download
memory/1600-131-0x0000000003570000-0x0000000003600000-memory.dmp

Filesize
576KB

Download
memory/1600-132-0x0000000000400000-0x00000000032DB000-memory.dmp

Filesize
46.9MB

Download