raccoon | 32eb91bc7933a1e99fb1416e60523ecfde0811e5cdeb74b7877f457bf6dfea3e

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2023 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jre-8u371-windows-i586.exe
Size

56.9MB
MD5

1b10be824ca0b2c31f43d296dc3df490
SHA1

14970b5fec652d066d93a41b84a4361cd798f7bb
SHA256

32eb91bc7933a1e99fb1416e60523ecfde0811e5cdeb74b7877f457bf6dfea3e
SHA512

e7ba353cd2b3a460525c3c5f0c75f042d5208ddd5c3f61b9dfb38f43399160ac0e6f7264d29bdad653d84ea254e1d616b483fa778722d37dbba2824b2f99dc2e
SSDEEP

786432:M5XmTHOmwqBSKNfVY7IU8eAISCuNdhy5NaYDZR8TQipFm4KhF+9cYdNwNkNrcZ:MoumZbNNun8vfbxERTipHdKYdCNk1s

Score

10^/10

raccoon stealer

Malware Config

Extracted

Family

raccoon

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Executes dropped EXE 1 IoCs

Processes:

jre-8u371-windows-i586.exe

pid process

3936 jre-8u371-windows-i586.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

jre-8u371-windows-i586.exe

pid process

3936 jre-8u371-windows-i586.exe
3936 jre-8u371-windows-i586.exe

pid	process
3936	jre-8u371-windows-i586.exe

pid	process
3936	jre-8u371-windows-i586.exe
3936	jre-8u371-windows-i586.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

jre-8u371-windows-i586.exe

description	pid	process	target process
PID 1852 wrote to memory of 3936	1852	jre-8u371-windows-i586.exe	jre-8u371-windows-i586.exe
PID 1852 wrote to memory of 3936	1852	jre-8u371-windows-i586.exe	jre-8u371-windows-i586.exe
PID 1852 wrote to memory of 3936	1852	jre-8u371-windows-i586.exe	jre-8u371-windows-i586.exe

C:\Users\Admin\AppData\Local\Temp\jre-8u371-windows-i586.exe
"C:\Users\Admin\AppData\Local\Temp\jre-8u371-windows-i586.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Users\Admin\AppData\Local\Temp\jds240555984.tmp\jre-8u371-windows-i586.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240555984.tmp\jre-8u371-windows-i586.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jds240555984.tmp\jre-8u371-windows-i586.exe

Filesize
56.6MB

MD5
3861f5205fd11c1bc8e1e3c4303a646c

SHA1
522e7f7d69b9dee671c8b838a968adc69f1bf8bd

SHA256
9c4318199b9cf0ce4587ebb2ef6957445655d4a337d441505e6b1176669bd680

SHA512
41510e66ec594279175c38acf7f07353dfaacf6d7a9b0304d5d730a14b9851150748938866e73862ff1b1f778a9eebfaa6ccb88cd08ccc3f19e0b64d23e7fa76

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240555984.tmp\jre-8u371-windows-i586.exe

Filesize
56.6MB

MD5
3861f5205fd11c1bc8e1e3c4303a646c

SHA1
522e7f7d69b9dee671c8b838a968adc69f1bf8bd

SHA256
9c4318199b9cf0ce4587ebb2ef6957445655d4a337d441505e6b1176669bd680

SHA512
41510e66ec594279175c38acf7f07353dfaacf6d7a9b0304d5d730a14b9851150748938866e73862ff1b1f778a9eebfaa6ccb88cd08ccc3f19e0b64d23e7fa76

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
4bdb1b532574ddc0d2c3c5ade8676598

SHA1
35e36e0f0adf9e3f08ffce07bbeb404b260cc163

SHA256
a9e9c2e6384b2e515641aaf7b6a4ed5cc1960251844c293c3f340770afdfd618

SHA512
1546c45e8616e2069c9c9b099be9cf0d75891d1577c65d5470c2c1e96350ee8d92fa7b3a130da4d3cb28f60ffce47341a3863efb71bf84172c0a7a9101f2e0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
86340df73afe64bd8f0c8b3ade34541b

SHA1
34205945e0dcc3339d42fc8b8eec2ab7554a400f

SHA256
db24bf478f4dfb43336eed7cf87162e0af56a99a30f89f1f38660e5fe53a9fd7

SHA512
36c8556ed854fee8936b1f8c5ea0e0e9a4aaa8269ea183d82f1dc66def3e582c5627d12418ee0a1609687e85f995a5c02c744a95f7f759976a9263990fcb86f9

Download Submit