raccoon | c4a93d85f3bdd338ab1e531720fdd25295164709a5d907907a0736cce01abe3a | Triage

Analysis

max time kernel
134s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2023 11:26

Sharing

Report Analysis Logs

General

Target

Version_Unlimited/Full_Version.exe
Size

726.3MB
MD5

db12e90433d2b7bdad87d253099086c4
SHA1

27e6ddef547dacfb9f61e5696f385ce7ae5b8226
SHA256

8228efa4c51e99435869d47aa1ac308b709a6ae6a9ea6f1c73dcae94df9cf2bc
SHA512

b41addfc3a450c16505f33f7c9c87de053bfe60a01a8ddc00f46697e8946535f7e6213eee89888690581783abe8f1c9e132f2576e5eb9b71fe29a6c75f62aee3
SSDEEP

196608:lRBBpsrir10wk8dEdCwOFelnpCRF///dNojvAYAC:NBpsmWNwwuelnpC5M

Score

10^/10

raccoon 3f90e121d72f5ca3e25782763e1827c1 stealer

Malware Config

Extracted

Family

raccoon

Botnet

3f90e121d72f5ca3e25782763e1827c1

C2

http://77.73.134.30/

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/644-134-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon
behavioral2/memory/644-136-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon
behavioral2/memory/644-138-0x0000000000400000-0x0000000000D92000-memory.dmp	family_raccoon

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Full_Version.exe

pid process

644 Full_Version.exe
644 Full_Version.exe

C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\Full_Version.exe
"C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\Full_Version.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-134-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download
memory/644-133-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/644-136-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download
memory/644-138-0x0000000000400000-0x0000000000D92000-memory.dmp

Filesize
9.6MB

Download