raccoon | 5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-04-2023 08:43

Target

5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe
Size

12.6MB
MD5

2cebe8f07ada227c0fb8bf94941162c7
SHA1

ed1141ffc75c413ad2ea91d1c6e3d220262c35e0
SHA256

5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3
SHA512

02674f0bfe2750aa68c1a67b785d02ed5ffc55069700c99ae00ed5d2c65f9ed1fefda13573ccbea25b85344b4165317651c18c6f7d460ab8bcbdc8c15641aef9
SSDEEP

196608:NIwGXgGtIGbzp9yYXOcpg73bQZ+cXFH+5Y/W57Cd4LpaGGU8m3sV//5XgfFIMcI0:yXXXDpFORruH+EWkdCwU8sIJY

Score

10^/10

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

http://45.15.156.143/

rc4.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe

pid process

1532 5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe

pid	process
1532	5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe

C:\Users\Admin\AppData\Local\Temp\5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe
"C:\Users\Admin\AppData\Local\Temp\5e9a226a59f05ad76f163b288d5366a8814d360a3d97f8e1f3271dab00d74db3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1532

memory/1532-55-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1532-54-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1532-56-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1532-57-0x0000000000400000-0x0000000001A70000-memory.dmp

Filesize
22.4MB

Download