raccoon | df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee

Analysis

max time kernel
91s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 20:50

Target

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
Size

1.6MB
MD5

4bad8e019dc6d8254185426c2fef0c59
SHA1

7b55fcbae0b8c90100a0b8b999292e1c83ab5947
SHA256

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee
SHA512

c8b82b65ed3eb15fc208147587ea5051dde079eba9006fad751195d2004398c4bd2eed0e1b1aab6cd01a3526eb04b30eb4b0798e6e68f5019c0d4faf155bbf96
SSDEEP

49152:Tm5PrbWIRjUx3FEcLhbu32hEwdGvmKdAzDJ6SM:Tm5j0icVY2hNdGuKdAc

Score

10^/10

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

http://5.2.70.65/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Suspicious use of SetThreadContext 1 IoCs

Processes:

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe

description	pid	process	target process
PID 2236 set thread context of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe

pid	process
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe

description	pid	process	target process
PID 2236 wrote to memory of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe
PID 2236 wrote to memory of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe
PID 2236 wrote to memory of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe
PID 2236 wrote to memory of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe
PID 2236 wrote to memory of 2860	2236	df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe	InstallUtil.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
PID:2860

memory/2236-132-0x0000000002396000-0x0000000002AE0000-memory.dmp

Filesize
7.3MB

Download
memory/2236-133-0x0000000002AFA000-0x0000000002C6B000-memory.dmp

Filesize
1.4MB

Download
memory/2236-134-0x0000000002396000-0x0000000002AE0000-memory.dmp

Filesize
7.3MB

Download
memory/2236-135-0x0000000002AFA000-0x0000000002C6B000-memory.dmp

Filesize
1.4MB

Download
memory/2236-136-0x000000000CB60000-0x000000000CC50000-memory.dmp

Filesize
960KB

Download
memory/2236-137-0x000000000CB60000-0x000000000CC50000-memory.dmp

Filesize
960KB

Download
memory/2236-144-0x0000000002AFA000-0x0000000002C6B000-memory.dmp

Filesize
1.4MB

Download
memory/2860-138-0x0000000000000000-mapping.dmp

Download
memory/2860-139-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-141-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-143-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-145-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download