raccoon | dfef233329384f446387917bbae7247921336ea120c40933105dc578e63e7060 | Triage

Analysis

max time kernel
61s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 15:55

Sharing

Report Analysis Logs

General

Target

Setup.exe
Size

6.3MB
MD5

5c4b94c2a389d952c31ac763481220d8
SHA1

d1c33eae6ebbc609973b2c4e6838a2929b1b08ae
SHA256

dfef233329384f446387917bbae7247921336ea120c40933105dc578e63e7060
SHA512

60dacced0d3a51c3887a5438c3fb27e2cce4c0b1af2331ffae4454fc260ddd7982941de9b5f145107fcc8260790300bd5b8be7c1cb88ea728d4d74877cae40b0
SSDEEP

196608:y/bSOCD3GS/tYWQn2H0+cdFCsnS5HGgAHfJMBWL:gbCCSiWm2U+c6sDh9

Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer

Malware Config

Extracted

Family

raccoon

Botnet

717609e6131226f92ce8ce08c34305be

C2

http://83.217.11.23

http://77.73.134.82

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Setup.exe

pid process

4844 Setup.exe
4844 Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4844-132-0x0000000000400000-0x0000000000DFB000-memory.dmp

Filesize
10.0MB

Download
memory/4844-134-0x0000000000400000-0x0000000000DFB000-memory.dmp

Filesize
10.0MB

Download
memory/4844-135-0x0000000000400000-0x0000000000DFB000-memory.dmp

Filesize
10.0MB

Download
memory/4844-136-0x0000000000400000-0x0000000000DFB000-memory.dmp

Filesize
10.0MB

Download