raccoon | a30ccc070b01f71c5fc7064303d822556bd4dee57a50e4fc8870feaf1fbbded5

Analysis

max time kernel
26s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-04-2023 08:07

Target

1Satup.exe
Size

1024.0MB
MD5

47f8832cbd46f8177f199861c65725b8
SHA1

c3fe7f280a978e3bc3c137c96d878a310e362aed
SHA256

9f9059c67c5bb5158ee0eeb6470cd9c25e861f8f58a3f3b339237e1d7c6f67e0
SHA512

48194e0383c260e5a2cd4a6b57cfc2862086bd33f1633de9c0f1571ef4c50a247b7fb1190a783be11d3f6135148bd62331eaa5b7ae1e41b653e99a1283b208eb
SSDEEP

196608:3EEGSLeQvIcM0fqPJI+a8sET0wyxrWRx14AeHDJlTjpWNGQbMaKGMGDrIcMZZp:3ySOcM0fqPJilEwfxKoAqlPuGF8M2CZp

Score

10^/10

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

http://45.15.156.198/

xor.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

1Satup.exe

pid process

1544 1Satup.exe

pid	process
1544	1Satup.exe

C:\Users\Admin\AppData\Local\Temp\1Satup.exe
"C:\Users\Admin\AppData\Local\Temp\1Satup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1544

memory/1544-54-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1544-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1544-56-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1544-57-0x0000000000400000-0x0000000001A79000-memory.dmp

Filesize
22.5MB

Download