raccoon | 36dc266ad1ea8df01393368710ee6c6fd21629e833252cf0f3f63dffd908c805

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-08-2023 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

3.5MB
MD5

4695f98bf6e8c0908c0b6af77ec31a6c
SHA1

41b05253a583238d6c583a97eb6d45e92607f53d
SHA256

36dc266ad1ea8df01393368710ee6c6fd21629e833252cf0f3f63dffd908c805
SHA512

b85d91a68c514e2e27d0a1b72aa7d12abed855953944eb2ab7a723a9770972b94434416a2415fc46a3aee516642121329b22eb61f80fc760d011da0ce4acfb30
SSDEEP

24576:Pam/O3RT2048qUkeSLdnC/sGB9D/YBl7B3Yom6pd+e6idu6sN6FCBfcW877++aIS:PaZ3Rb4UScABl7B3YH6pd+e6i

Score

10^/10

raccoon 071a7b18a42c1cd94de2fc5bb0bbcaf2 stealer

Malware Config

Extracted

Family

raccoon

Botnet

071a7b18a42c1cd94de2fc5bb0bbcaf2

http://193.142.147.59:80

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2980-1395-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon
behavioral1/memory/2980-1396-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 2084 set thread context of 2980 2084 tmp.exe tmp.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tmp.exe

description pid process

Token: SeDebugPrivilege 2084 tmp.exe

description	pid	process	target process
PID 2084 set thread context of 2980	2084	tmp.exe	tmp.exe

description	pid	process
Token: SeDebugPrivilege	2084	tmp.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe
PID 2084 wrote to memory of 2980	2084	tmp.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  C:\Users\Admin\AppData\Local\Temp\tmp.exe
  2⤵
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2084-54-0x00000000008E0000-0x0000000000C64000-memory.dmp

Filesize
3.5MB

Download
memory/2084-55-0x0000000074250000-0x000000007493E000-memory.dmp

Filesize
6.9MB

Download
memory/2084-56-0x0000000004C10000-0x0000000004CDC000-memory.dmp

Filesize
816KB

Download
memory/2084-57-0x0000000000540000-0x0000000000580000-memory.dmp

Filesize
256KB

Download
memory/2084-58-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-59-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-61-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-63-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-65-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-67-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-69-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-71-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-73-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-75-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-77-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-79-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-81-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-83-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-85-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-87-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-89-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-91-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-93-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-95-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-97-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-99-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-101-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-103-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-105-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-107-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-109-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-111-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-113-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-115-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-117-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-119-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-121-0x0000000004C10000-0x0000000004CD7000-memory.dmp

Filesize
796KB

Download
memory/2084-1121-0x0000000074250000-0x000000007493E000-memory.dmp

Filesize
6.9MB

Download
memory/2084-1381-0x0000000000540000-0x0000000000580000-memory.dmp

Filesize
256KB

Download
memory/2084-1382-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2084-1383-0x0000000000690000-0x00000000006C2000-memory.dmp

Filesize
200KB

Download
memory/2084-1384-0x0000000004FC0000-0x000000000500C000-memory.dmp

Filesize
304KB

Download
memory/2084-1393-0x0000000074250000-0x000000007493E000-memory.dmp

Filesize
6.9MB

Download
memory/2980-1395-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2980-1396-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download