raccoon | 72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-08-2023 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe
Size

11.0MB
MD5

7e0bb426b193143f83a3c8b99df8c730
SHA1

33917b5b11a29429d2680895532f64d1be090c95
SHA256

72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615
SHA512

9ba2bd89e698bb9b87b4fe2c4205f7127c668b212e152ce730b49bd0f3ed1a59865ca44e6d00b100b7f9ab7e0b37a4e9de9179790a41f150a80f8df6ccae8b2e
SSDEEP

196608:PrQt9IzyHyvJ1fJ1JtJxb0ORJmBHnI6JzxrkxzUBKdgrvW:Ef2yANJ/tJxJJmZnIszxrkxzKrvW

Score

10^/10

raccoon f26f614d4c0bc2bcd6601785661fb5cf stealer

Malware Config

Extracted

Family

raccoon

Botnet

f26f614d4c0bc2bcd6601785661fb5cf

http://83.217.11.34

http://83.217.11.35

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1072-67-0x0000000000400000-0x000000000041D000-memory.dmp	family_raccoon
behavioral1/memory/2072-73-0x0000000000400000-0x00000000014F0000-memory.dmp	family_raccoon

Suspicious use of SetThreadContext 1 IoCs

Processes:

72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe

description	pid	process	target process
PID 2072 set thread context of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe

pid process

2072 72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe

pid	process
2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe

description	pid	process	target process
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe
PID 2072 wrote to memory of 1072	2072	72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe	AppLaunch.exe

C:\Users\Admin\AppData\Local\Temp\72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe
"C:\Users\Admin\AppData\Local\Temp\72b26d02a9e5f8a0c69065a43abdd0abac209c5d850ce35122821225fcc07615.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:1072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1072-65-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1072-67-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1072-71-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2072-54-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2072-57-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2072-56-0x0000000000400000-0x00000000014F0000-memory.dmp

Filesize
16.9MB

Download
memory/2072-61-0x0000000000400000-0x00000000014F0000-memory.dmp

Filesize
16.9MB

Download
memory/2072-60-0x0000000077E70000-0x0000000077E71000-memory.dmp

Filesize
4KB

Download
memory/2072-59-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2072-64-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2072-73-0x0000000000400000-0x00000000014F0000-memory.dmp

Filesize
16.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads