raccoon | c4a93d85f3bdd338ab1e531720fdd25295164709a5d907907a0736cce01abe3a

Analysis

max time kernel
121s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18-07-2023 11:26

Target

Version_Unlimited/Full_Version.exe
Size

726.3MB
MD5

db12e90433d2b7bdad87d253099086c4
SHA1

27e6ddef547dacfb9f61e5696f385ce7ae5b8226
SHA256

8228efa4c51e99435869d47aa1ac308b709a6ae6a9ea6f1c73dcae94df9cf2bc
SHA512

b41addfc3a450c16505f33f7c9c87de053bfe60a01a8ddc00f46697e8946535f7e6213eee89888690581783abe8f1c9e132f2576e5eb9b71fe29a6c75f62aee3
SSDEEP

196608:lRBBpsrir10wk8dEdCwOFelnpCRF///dNojvAYAC:NBpsmWNwwuelnpC5M

Score

10^/10

Family

raccoon

Botnet

3f90e121d72f5ca3e25782763e1827c1

http://77.73.134.30/

xor.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1732-56-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon
behavioral1/memory/1732-59-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon
behavioral1/memory/1732-65-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

Full_Version.exe

pid process

1732 Full_Version.exe

pid	process
1732	Full_Version.exe

C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\Full_Version.exe
"C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\Full_Version.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1732

memory/1732-54-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1732-56-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download
memory/1732-57-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1732-59-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download
memory/1732-61-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1732-62-0x00000000777F0000-0x00000000777F1000-memory.dmp

Filesize
4KB

Download
memory/1732-65-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download