raccoon | 9d05e8ef93511f02e7f0d270402b37658817a2d233f9cd12b40b87d4a4af7a77

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2023, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d05e8ef93511f02e7f0d2704.exe
Size

3.5MB
MD5

7aa8353d95576dfdd42d2382ffe0e626
SHA1

9798cd96ca573c6f54fc84611cfc4a7802212dea
SHA256

9d05e8ef93511f02e7f0d270402b37658817a2d233f9cd12b40b87d4a4af7a77
SHA512

f536592a62c5b510f05dc05b866c59557a7246052605551d364c4c1a9d9f8b94f01dbd3cf8526e4a5bded4dd81791923f14f424310d712306b523c3aca8bbc64
SSDEEP

24576:yqCSpM9XJSnFTGkzgB3uz60e5Lb1HCfLSovTaCqbvF+WKzQqW/pt64Y5v7QHuHOa:yqCgHny3COVb1HCfLpv

Score

10^/10

raccoon fa72f4c1fbe65cee8651140fd47267ba stealer

Malware Config

Extracted

Family

raccoon

Botnet

fa72f4c1fbe65cee8651140fd47267ba

http://193.142.147.59:80

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 1 IoCs

resource	yara_rule
behavioral2/memory/268-1466-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 324 set thread context of 268	324	9d05e8ef93511f02e7f0d2704.exe	85

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	324	9d05e8ef93511f02e7f0d2704.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85
PID 324 wrote to memory of 268	324	9d05e8ef93511f02e7f0d2704.exe	85

C:\Users\Admin\AppData\Local\Temp\9d05e8ef93511f02e7f0d2704.exe
"C:\Users\Admin\AppData\Local\Temp\9d05e8ef93511f02e7f0d2704.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:324
- C:\Users\Admin\AppData\Local\Temp\9d05e8ef93511f02e7f0d2704.exe
  C:\Users\Admin\AppData\Local\Temp\9d05e8ef93511f02e7f0d2704.exe
  2⤵
  PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-1466-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/324-170-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-160-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-137-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-139-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-143-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-141-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-145-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-148-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/324-147-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-154-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-152-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-150-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-156-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-158-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-133-0x00000000001F0000-0x0000000000576000-memory.dmp

Filesize
3.5MB

Download
memory/324-162-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-164-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-166-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-134-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-168-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-182-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-174-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-176-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-178-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-180-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-172-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-188-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-186-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-184-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-192-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-194-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-196-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-190-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-198-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download
memory/324-1342-0x0000000004F50000-0x0000000004F60000-memory.dmp

Filesize
64KB

Download
memory/324-1458-0x0000000004F40000-0x0000000004F41000-memory.dmp

Filesize
4KB

Download
memory/324-1459-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/324-1460-0x00000000054D0000-0x0000000005536000-memory.dmp

Filesize
408KB

Download
memory/324-1461-0x0000000005E90000-0x0000000006434000-memory.dmp

Filesize
5.6MB

Download
memory/324-135-0x0000000005060000-0x0000000005127000-memory.dmp

Filesize
796KB

Download