raccoon | ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051

Analysis

max time kernel
74s
max time network
87s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/10/2022, 13:34

Target

ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051.exe
Size

374.3MB
MD5

7f5b8de40f6835ab8785de0e071c54c4
SHA1

279d4b61baed09e8da720bef2d4b6644ea9d3506
SHA256

ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051
SHA512

97103d746539ed91897cdfe0d0c9fbab0410926a7a9deeb58a05670f5a7f2ab99266d49a97ec12d8b1e4ea29bcfca8ac4b3a0c7fce9561dd8a785171aec8b4af
SSDEEP

196608:QdBYsV3a612JFv5fuDwkueiG8zDSCQE0:5sV3X1w5QwkueL8zDwE

Score

10^/10

Family

raccoon

Botnet

9f1bf6c233c7b39a900e1d729788cb49

http://94.131.97.57/

http://45.67.229.149/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1452	ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051.exe
1452	ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051.exe

C:\Users\Admin\AppData\Local\Temp\ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051.exe
"C:\Users\Admin\AppData\Local\Temp\ae2bb300caa97fd6525dc55c40c924f5c755b7e39a425c6f7227f6b41fea8051.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1452

memory/1452-54-0x0000000000B40000-0x0000000001579000-memory.dmp

Filesize
10.2MB

Download
memory/1452-56-0x0000000000B40000-0x0000000001579000-memory.dmp

Filesize
10.2MB

Download
memory/1452-57-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1452-58-0x0000000000B40000-0x0000000001579000-memory.dmp

Filesize
10.2MB

Download
memory/1452-59-0x0000000000B40000-0x0000000001579000-memory.dmp

Filesize
10.2MB

Download