raccoon | aba176220478b64db54ec6caf7cc46df9703c32e94273aa0368fbe65ce6f5aa6

Analysis

max time kernel
65s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2023 14:54

Target

file.exe
Size

294KB
MD5

230d9421f84f0be0a8bbe86bd03e9629
SHA1

8e04318e54e37e23625a608daf39fe058c02690d
SHA256

aba176220478b64db54ec6caf7cc46df9703c32e94273aa0368fbe65ce6f5aa6
SHA512

d746a21a3083062ab1a8fe8594135b586403ff1de50ada3a65a85555464dc49d4a94a471ea5a9a6cb675e353fe53797950bb53aaee7752a418bf6a7f3def3f54
SSDEEP

3072:Y6uIHYbCLpB7R4WQh57U+RUySs3nci7iEOp8c0ADHS7f43H7BFhiAIBRCDR1:sOYbCLpAWQjzRjb3ceku6S7f4VRIj

Score

10^/10

Family

raccoon

Botnet

960d8047e2829c4b87de991d706e2490

http://45.15.156.209/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1684 4136 WerFault.exe file.exe

pid	pid_target	process	target process
1684	4136	WerFault.exe	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 760
2⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4136 -ip 4136
1⤵
PID:4268

memory/4136-132-0x0000000000789000-0x000000000079E000-memory.dmp

Filesize
84KB

Download
memory/4136-133-0x0000000000700000-0x000000000071C000-memory.dmp

Filesize
112KB

Download
memory/4136-134-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4136-135-0x0000000000789000-0x000000000079E000-memory.dmp

Filesize
84KB

Download
memory/4136-136-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download