raccoon | 1599a612187565c699dfe4f10b04f5621ba04ab053ba1284a008706f0c13d5cb | Triage

Analysis

max time kernel
46s
max time network
36s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-05-2023 13:46

Sharing

Report Analysis Logs

General

Target

ProtonVPN_3.0.5.exe
Size

296KB
MD5

c5e15dbab0811bd42a6e4d62132ff459
SHA1

777ad485da8359a3194b8b5f6fad514bffd5cdac
SHA256

1599a612187565c699dfe4f10b04f5621ba04ab053ba1284a008706f0c13d5cb
SHA512

c9d5b3e30bac46efe397dcf108cf31d9d641ae5adebde777fccf5314384d2d565a09d25e8c2f5586bcde83b746f63478be95c2a22ec28efec6fd497355b4f35b
SSDEEP

6144:yo4ozSmgUkbkN6eyzrcnEAaz9mdb9/pTqHu8uiHL:ZBSmgUkIa0ELz9mt9/EO8LL

Score

10^/10

raccoon 5b7eff386f31487f5db4c7f0e4006546 stealer

Malware Config

Extracted

Family

raccoon

Botnet

5b7eff386f31487f5db4c7f0e4006546

C2

http://165.232.118.86/

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

C:\Users\Admin\AppData\Local\Temp\ProtonVPN_3.0.5.exe
"C:\Users\Admin\AppData\Local\Temp\ProtonVPN_3.0.5.exe"
1⤵
PID:948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-55-0x0000000000230000-0x0000000000253000-memory.dmp

Filesize
140KB

Download
memory/948-56-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download