raccoon | dce93b967a62d16f95ce6b36bae49e5e409c433c0e2cdf29f1afca2cf2f80f2c

Analysis

max time kernel
144s
max time network
60s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26/03/2023, 23:43

Target

setup.exe
Size

9.8MB
MD5

a417a25a29d1e25d545eb4d5fac008ed
SHA1

a10b247168a16aa0e0d333903d0c381c1fb72157
SHA256

dce93b967a62d16f95ce6b36bae49e5e409c433c0e2cdf29f1afca2cf2f80f2c
SHA512

b161a4298da511336b07bb7b44d54286a01ef62a9e0814ce2454b40c6b556cd93f420dcb7411f46c4f738986ba175686af7bf8ddd14e240bc4bb6d305e335803
SSDEEP

196608:K3yQvf7t9WepdCO/UsaXcGORRdZHQZ0oWM0TwQAvNIzw5jCRjtT:GB9WepdCb+lRR7QZ0oWVwTxjCR

Score

10^/10

Family

raccoon

Botnet

7af851c87aaae953215cdfcef767dccb

http://45.9.74.170

http://77.73.134.43

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	taskmgr.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Suspicious use of SendNotifyMessage 33 IoCs

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2040

memory/1100-59-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1100-60-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2040-54-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2040-55-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2040-56-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2040-57-0x0000000000400000-0x00000000014E4000-memory.dmp

Filesize
16.9MB

Download