raccoon | a02b961c3ee8f672f06eae019c1b5c1c753126b95edeb57458fea177f1f08828

Analysis

max time kernel
45s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 20:16

Target

bc46af138f661c31bd23dfed643aec0c.exe
Size

830KB
MD5

bc46af138f661c31bd23dfed643aec0c
SHA1

db363d46dfb756f97c7cfb3b0be91d1af5200a6b
SHA256

a02b961c3ee8f672f06eae019c1b5c1c753126b95edeb57458fea177f1f08828
SHA512

5c6171875162886b678daa1d4096b3c3ef0bc60fb83f7528c31eaa73c2def7adf4adb51cd858223690e9b684dce446811132bb8bfee5db78a478c77cc0b003c3
SSDEEP

24576:K2zMwwTlE32rV9AFLVGpMo5c+idrNtNNx8qR1g:3wTlOEsMK8c9dd4

Score

10^/10

Family

raccoon

Botnet

cabcf15ea37a24b58186813d42a6971f

http://83.217.11.16/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious use of SetThreadContext 1 IoCs

Processes:

bc46af138f661c31bd23dfed643aec0c.exe

description pid process target process

PID 1144 set thread context of 584 1144 bc46af138f661c31bd23dfed643aec0c.exe bc46af138f661c31bd23dfed643aec0c.exe

description	pid	process	target process
PID 1144 set thread context of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

bc46af138f661c31bd23dfed643aec0c.exe

description	pid	process	target process
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe
PID 1144 wrote to memory of 584	1144	bc46af138f661c31bd23dfed643aec0c.exe	bc46af138f661c31bd23dfed643aec0c.exe

C:\Users\Admin\AppData\Local\Temp\bc46af138f661c31bd23dfed643aec0c.exe
"C:\Users\Admin\AppData\Local\Temp\bc46af138f661c31bd23dfed643aec0c.exe"
2⤵
PID:584

memory/584-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/584-61-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/584-63-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/584-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/584-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/584-67-0x00000000004088ED-mapping.dmp

Download
memory/1144-54-0x00000000009F0000-0x0000000000AC4000-memory.dmp

Filesize
848KB

Download
memory/1144-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download
memory/1144-56-0x0000000000290000-0x00000000002A6000-memory.dmp

Filesize
88KB

Download
memory/1144-57-0x00000000002C0000-0x00000000002CA000-memory.dmp

Filesize
40KB

Download
memory/1144-58-0x00000000047E0000-0x000000000483A000-memory.dmp

Filesize
360KB

Download
memory/1144-59-0x0000000000440000-0x0000000000460000-memory.dmp

Filesize
128KB

Download