raccoon | 9998a13c9765059b9bb6dc9795b5af7d83a575b1994bd455a9cfc890a8f8f055

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
25-06-2023 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ISLLightexe.exe
Size

591KB
MD5

0c7b1b300029227ec246a0c51034bcba
SHA1

e3d02142d073267b9e723fe20b8f8cf1ca1446bb
SHA256

9998a13c9765059b9bb6dc9795b5af7d83a575b1994bd455a9cfc890a8f8f055
SHA512

bbb81c66f39789eb64dd67f52c3c5cb40ce50c4e89bda40fbc5751ff4e796779c16b8257a15e930ee318b8b36d1995a89f05149475a43da346849c18f6e3ca70
SSDEEP

12288:j9m4MBiB/6tV1C8tCeRuaqRK2opT7sQ2qN+VN6BUzNt6Oa4n5I:j9m4PBStV/CeHqRKj7R2K+OGt6In+

Score

10^/10

raccoon stealer

Malware Config

Extracted

Family

raccoon

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon
Executes dropped EXE 2 IoCs

Processes:

ISLLight_4_4_2234_59.exeISLLight.exe

pid process

1368 ISLLight_4_4_2234_59.exe
1984 ISLLight.exe

pid	process
1368	ISLLight_4_4_2234_59.exe
1984	ISLLight.exe

Loads dropped DLL 6 IoCs

Processes:

ISLLightexe.exeISLLight_4_4_2234_59.exe

pid	process
928	ISLLightexe.exe
928	ISLLightexe.exe
1368	ISLLight_4_4_2234_59.exe
1368	ISLLight_4_4_2234_59.exe
1368	ISLLight_4_4_2234_59.exe
1368	ISLLight_4_4_2234_59.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

ISLLight.exe

pid process

1984 ISLLight.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

ISLLight.exe

pid process

1984 ISLLight.exe

pid	process
1984	ISLLight.exe

pid	process
1984	ISLLight.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

ISLLightexe.exeISLLight_4_4_2234_59.exe

description	pid	process	target process
PID 928 wrote to memory of 1368	928	ISLLightexe.exe	ISLLight_4_4_2234_59.exe
PID 928 wrote to memory of 1368	928	ISLLightexe.exe	ISLLight_4_4_2234_59.exe
PID 928 wrote to memory of 1368	928	ISLLightexe.exe	ISLLight_4_4_2234_59.exe
PID 928 wrote to memory of 1368	928	ISLLightexe.exe	ISLLight_4_4_2234_59.exe
PID 1368 wrote to memory of 1984	1368	ISLLight_4_4_2234_59.exe	ISLLight.exe
PID 1368 wrote to memory of 1984	1368	ISLLight_4_4_2234_59.exe	ISLLight.exe
PID 1368 wrote to memory of 1984	1368	ISLLight_4_4_2234_59.exe	ISLLight.exe
PID 1368 wrote to memory of 1984	1368	ISLLight_4_4_2234_59.exe	ISLLight.exe

C:\Users\Admin\AppData\Local\Temp\ISLLightexe.exe
"C:\Users\Admin\AppData\Local\Temp\ISLLightexe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:928
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1687688429_928_580_50536190\ISLLight_4_4_2234_59.exe
  ISLLight_4_4_2234_59.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe
    "C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:1984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe

Filesize
22.8MB

MD5
b654b60c47e5d034a074552220f04054

SHA1
5ef13e9c3b9faf5e8f1fd63a227fc2da6d7c6b98

SHA256
01c1bc88cf97d11d15257fb4b27486552898569dc73fdaa6e56b799d28febaa3

SHA512
1903a9d3ab07dfd1aa1f700a26fe6dae8a12559b0acf3dc30f697499167cf35ca1586c6d2504f38343be18bdd8ecd861bcd76f29ab4dd9645505a032cc3352ca

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1687688429_928_580_50536190\ISLLight_4_4_2234_59.exe

Filesize
13.6MB

MD5
31586ee036dbae8ce3da4656112111dd

SHA1
69759e43c56bb70d0d9bbb955429ce5043da74f8

SHA256
9ab2900cc6f23d8445c3004f03891fa4c620bd9a25f628f09485d669c173060f

SHA512
d03ba011d0ed6ed7e0706402b64517d37e274064f2fcc32afe3d418408451c428f3cbe31010fbad2af2784fdc06b1beabe85b175cc1f12e640514913b3a8d41d

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1687688429_928_580_50536190\ISLLight_4_4_2234_59.exe

Filesize
13.6MB

MD5
31586ee036dbae8ce3da4656112111dd

SHA1
69759e43c56bb70d0d9bbb955429ce5043da74f8

SHA256
9ab2900cc6f23d8445c3004f03891fa4c620bd9a25f628f09485d669c173060f

SHA512
d03ba011d0ed6ed7e0706402b64517d37e274064f2fcc32afe3d418408451c428f3cbe31010fbad2af2784fdc06b1beabe85b175cc1f12e640514913b3a8d41d

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
21KB

MD5
c6f6238e24bf0d16fe8c432c655d6cfe

SHA1
f554ed53eae7836ee8003e155771d28297d6b5d3

SHA256
019d9fd0634a588d5446db2bfdb2c618fd9db898c748d0808f77dfe59da5385a

SHA512
6bac40042dc93d407996216ef38777fc297dd35cb5b0480a4eaac49beb4be8cfc34df2dc4a82167f1f23f93382bfcc22e70bb4d0482bad45c22a7eaa512bb439

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Filesize
4KB

MD5
608490c051aa8d42f42cfde4090e4f2b

SHA1
6b3decd7a75d51d866d47aa299301d81c345160f

SHA256
524e749caede452549bd20791a79356f9174d46ea2c207661e1358b5498860fe

SHA512
a59bb84eaae8c112b3f71d60da371ccd3f2302f188f4a1200db4d80339b4f68ee1aa4d2d55c1cf42d83047186e7a6a4631673ae24f0ffa2b33a4b43ca882edd2

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe

Filesize
22.8MB

MD5
b654b60c47e5d034a074552220f04054

SHA1
5ef13e9c3b9faf5e8f1fd63a227fc2da6d7c6b98

SHA256
01c1bc88cf97d11d15257fb4b27486552898569dc73fdaa6e56b799d28febaa3

SHA512
1903a9d3ab07dfd1aa1f700a26fe6dae8a12559b0acf3dc30f697499167cf35ca1586c6d2504f38343be18bdd8ecd861bcd76f29ab4dd9645505a032cc3352ca

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe

Filesize
22.8MB

MD5
b654b60c47e5d034a074552220f04054

SHA1
5ef13e9c3b9faf5e8f1fd63a227fc2da6d7c6b98

SHA256
01c1bc88cf97d11d15257fb4b27486552898569dc73fdaa6e56b799d28febaa3

SHA512
1903a9d3ab07dfd1aa1f700a26fe6dae8a12559b0acf3dc30f697499167cf35ca1586c6d2504f38343be18bdd8ecd861bcd76f29ab4dd9645505a032cc3352ca

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe

Filesize
22.8MB

MD5
b654b60c47e5d034a074552220f04054

SHA1
5ef13e9c3b9faf5e8f1fd63a227fc2da6d7c6b98

SHA256
01c1bc88cf97d11d15257fb4b27486552898569dc73fdaa6e56b799d28febaa3

SHA512
1903a9d3ab07dfd1aa1f700a26fe6dae8a12559b0acf3dc30f697499167cf35ca1586c6d2504f38343be18bdd8ecd861bcd76f29ab4dd9645505a032cc3352ca

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light\1\ISLLight.exe

Filesize
22.8MB

MD5
b654b60c47e5d034a074552220f04054

SHA1
5ef13e9c3b9faf5e8f1fd63a227fc2da6d7c6b98

SHA256
01c1bc88cf97d11d15257fb4b27486552898569dc73fdaa6e56b799d28febaa3

SHA512
1903a9d3ab07dfd1aa1f700a26fe6dae8a12559b0acf3dc30f697499167cf35ca1586c6d2504f38343be18bdd8ecd861bcd76f29ab4dd9645505a032cc3352ca

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Filesize
1.3MB

MD5
02b937adeeb7019556af1cd6a078b6e1

SHA1
5a0a6965ef4b264a33326a6756fcf3370ededb8e

SHA256
e004033c67a336169166e22ea1abff438a620f93a784eec457062598456d9035

SHA512
59a29b25939c30462da30a2d51c1e2d50c1a20db951519810d980f992833868be1a8e5edd4616ab937872d1f4264e78f0a9e040a1d674616e77079ff8fcc9f42

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1687688429_928_580_50536190\ISLLight_4_4_2234_59.exe

Filesize
13.6MB

MD5
31586ee036dbae8ce3da4656112111dd

SHA1
69759e43c56bb70d0d9bbb955429ce5043da74f8

SHA256
9ab2900cc6f23d8445c3004f03891fa4c620bd9a25f628f09485d669c173060f

SHA512
d03ba011d0ed6ed7e0706402b64517d37e274064f2fcc32afe3d418408451c428f3cbe31010fbad2af2784fdc06b1beabe85b175cc1f12e640514913b3a8d41d

Download Submit
memory/1984-212-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-224-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-173-0x0000000006B70000-0x0000000006D70000-memory.dmp

Filesize
2.0MB

Download
memory/1984-191-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1984-193-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1984-194-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1984-196-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1984-201-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1984-202-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1984-209-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/1984-210-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/1984-148-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1984-216-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-220-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-221-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-222-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-223-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-171-0x0000000006730000-0x0000000006B70000-memory.dmp

Filesize
4.2MB

Download
memory/1984-227-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-228-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-229-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-230-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-231-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-232-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-233-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-234-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1984-235-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-236-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-237-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-238-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1984-256-0x0000000000AE0000-0x0000000000AEA000-memory.dmp

Filesize
40KB

Download
memory/1984-257-0x0000000000AE0000-0x0000000000AEA000-memory.dmp

Filesize
40KB

Download
memory/1984-300-0x0000000000AE0000-0x0000000000AEA000-memory.dmp

Filesize
40KB

Download
memory/1984-301-0x0000000000AE0000-0x0000000000AEA000-memory.dmp

Filesize
40KB

Download