raccoon | 4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563

Analysis

max time kernel
53s
max time network
62s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
16/10/2022, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe
Size

220KB
MD5

7e0ca4c3e31519b2b599f40081cf5f12
SHA1

cdc02bb8f8752e827dfe84befddcbdd4696cd296
SHA256

4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563
SHA512

f249f30dae52bae904572b331cb96d39983e9c15778c1f07d7374f2eeabc8667f65b4d0f8cbf6c3c623b9e114df90fd479c6dee64ccee419de7529f3678e9000
SSDEEP

3072:tXpQbHChLT8QwarMG57rwHlfrHXV1522dWzJnyGS0Ku7HzEi2N27:paHChLLrMJrHXV+ryGS0362

Score

10^/10

raccoon 63267bc2317b9849c2d512a4e16b0f3b discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

63267bc2317b9849c2d512a4e16b0f3b

http://shettester1000.com/

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4152 set thread context of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67
PID 4152 wrote to memory of 2364	4152	4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe	67

C:\Users\Admin\AppData\Local\Temp\4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe
"C:\Users\Admin\AppData\Local\Temp\4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Users\Admin\AppData\Local\Temp\4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe
  "C:\Users\Admin\AppData\Local\Temp\4a24fafb04de2a258aba84281ddc739275c05073894424a1de48e1ca95782563.exe"
  2⤵
  PID:2364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2364-173-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-171-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-204-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2364-188-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-153-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-187-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-186-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-185-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-184-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-183-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-182-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-181-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-180-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2364-155-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-178-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-177-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-176-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-175-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-174-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-172-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-170-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2364-169-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-168-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-167-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-166-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-165-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-164-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-163-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-162-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-150-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2364-152-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-160-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-157-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-179-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-154-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-158-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-159-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/2364-161-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-133-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-138-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-148-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-147-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-146-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-145-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-143-0x0000000000580000-0x00000000006CA000-memory.dmp

Filesize
1.3MB

Download
memory/4152-144-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-142-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-140-0x0000000000580000-0x00000000006CA000-memory.dmp

Filesize
1.3MB

Download
memory/4152-121-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-141-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-120-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-124-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-149-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-136-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-139-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-135-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-134-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-131-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-132-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-137-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-130-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-129-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-128-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-126-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-125-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-123-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4152-122-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

Filesize
1.6MB

Download