raccoon | 17c0d5648287b4e09ecbe801099da44d46d6316c33adafd232e31afb1e7d62ce

Analysis

max time kernel
31s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2023 08:11

Target

b6e4d270c1b21a976b44afb1b953dd40.exe
Size

272KB
MD5

b6e4d270c1b21a976b44afb1b953dd40
SHA1

adbb688191055585782014d3ee907a38651968a1
SHA256

17c0d5648287b4e09ecbe801099da44d46d6316c33adafd232e31afb1e7d62ce
SHA512

de4014d700cda1effe9782abb3264e328fb4da7b537b7752f082a99f079b556d0b303eca962cfd59c0f864b935a58382597f8b8cf65f37361e2881f853cf7f78
SSDEEP

3072:hX3QRrFI6eGFb5KU/OyUq/UKyvI0ya0cjC5MTpl2yYx1mdYqt4qndE8SUlutGm:FCrZFBUCYIMjCyplpy17kLdKt

Score

10^/10

Family

raccoon

Botnet

d87b51d1771107cfddb7c7acd7727950

http://37.1.208.22/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4672 2732 WerFault.exe b6e4d270c1b21a976b44afb1b953dd40.exe

pid	pid_target	process	target process
4672	2732	WerFault.exe	b6e4d270c1b21a976b44afb1b953dd40.exe

C:\Users\Admin\AppData\Local\Temp\b6e4d270c1b21a976b44afb1b953dd40.exe
"C:\Users\Admin\AppData\Local\Temp\b6e4d270c1b21a976b44afb1b953dd40.exe"
1⤵
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 764
2⤵
- Program crash
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 2732 -ip 2732
1⤵
PID:4876

memory/2732-132-0x0000000002DAE000-0x0000000002DBF000-memory.dmp

Filesize
68KB

Download
memory/2732-133-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/2732-134-0x0000000000400000-0x0000000002BAB000-memory.dmp

Filesize
39.7MB

Download
memory/2732-135-0x0000000002DAE000-0x0000000002DBF000-memory.dmp

Filesize
68KB

Download