raccoon | 2254a6a7e7c56dd273be02cd3e08493a64da871236a22c0919ed5eef3777dbb4

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe
Size

2.5MB
MD5

6ef1e4eb4447a37e49946e86021314e9
SHA1

29426df9e7447aa088c21c38f44a9ecfb7b266d9
SHA256

fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81
SHA512

8b07edc61d257157a2590ccd7e395ff82b94ade2f1f15f5d634f76d73da2a6a6be7e7d083d958a5d021c7925eb2e3583b70e576c4d5f339aa1d8efc12dbac477
SSDEEP

24576:ouSNRJncu+meZg+yjGFl4z/sQ65aPuGibvDRv3X/RT50oI3ThQhK+Mh3j3T6u7oQ:oN1hjGgVjUeQjxP/RvxhK+OjG71ol+Mt

Score

10^/10

raccoon da1a2bf97bd22db993dd01b30d040258 stealer

Malware Config

Extracted

Family

raccoon

Botnet

da1a2bf97bd22db993dd01b30d040258

http://77.246.102.57:80/

xor.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 3 IoCs

resource	yara_rule
behavioral2/memory/1288-192-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon
behavioral2/memory/1288-195-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon
behavioral2/memory/1288-197-0x0000000000400000-0x000000000040F000-memory.dmp	family_raccoon

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4332 set thread context of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88
PID 4332 wrote to memory of 1288	4332	fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe	88

C:\Users\Admin\AppData\Local\Temp\fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe
"C:\Users\Admin\AppData\Local\Temp\fb6dcfde4437027abef2cf99a67351a16f28615457339ac160d55cf8ea57bc81.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-192-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1288-197-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1288-195-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4332-161-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-139-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/4332-163-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-165-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-140-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-143-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-141-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-145-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-147-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-149-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-151-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-153-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-155-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-157-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-159-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-133-0x00000000001D0000-0x000000000044C000-memory.dmp

Filesize
2.5MB

Download
memory/4332-138-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download
memory/4332-167-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-137-0x0000000004F30000-0x0000000004F42000-memory.dmp

Filesize
72KB

Download
memory/4332-169-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-171-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-173-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-175-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-177-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-179-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-181-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-183-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-185-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-187-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-189-0x0000000004FD0000-0x0000000004FF3000-memory.dmp

Filesize
140KB

Download
memory/4332-190-0x0000000005010000-0x0000000005011000-memory.dmp

Filesize
4KB

Download
memory/4332-191-0x0000000005AC0000-0x0000000005B5C000-memory.dmp

Filesize
624KB

Download
memory/4332-136-0x0000000004E40000-0x0000000004ED2000-memory.dmp

Filesize
584KB

Download
memory/4332-135-0x0000000005510000-0x0000000005AB4000-memory.dmp

Filesize
5.6MB

Download
memory/4332-196-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download
memory/4332-134-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download