raccoon | aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4361709ebe7f8bfb26b5

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 05:12

Target

aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4.exe
Size

224KB
MD5

1d8335d00f69c2d195ef13993c862af1
SHA1

f340e5a5a36f698de8f36b580fae61c782206713
SHA256

aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4361709ebe7f8bfb26b5
SHA512

5e50e44ffdfe8846dd2132e770cfa184d5e2479775f4ca437064847d0102b3731f408154a572b0025d044d5ad78fe74015c5fcbd84b9e90462f73b88a346769c
SSDEEP

3072:rXpMcSCgLTI5Ym6W4krKFXn1ZoLV+/ZEc5D8T7fvm8H0AdTS5X8Tyh:D2jCYIey4krgQLQ/Zr6f+fAdTw8T

Score

10^/10

Family

raccoon

Botnet

cf94c33cd30592e5c05e75b8544f18ac

http://93.185.166.154:80/

Attributes

xor.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 3 IoCs

resource	yara_rule
behavioral1/memory/1180-2-0x0000000000400000-0x00000000005AF000-memory.dmp	family_raccoon
behavioral1/memory/1180-3-0x00000000002B0000-0x00000000002CA000-memory.dmp	family_raccoon
behavioral1/memory/1180-4-0x0000000000400000-0x00000000005AF000-memory.dmp	family_raccoon

C:\Users\Admin\AppData\Local\Temp\aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4.exe
"C:\Users\Admin\AppData\Local\Temp\aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4.exe"
1⤵
PID:1180

memory/1180-1-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download
memory/1180-2-0x0000000000400000-0x00000000005AF000-memory.dmp

Filesize
1.7MB

Download
memory/1180-3-0x00000000002B0000-0x00000000002CA000-memory.dmp

Filesize
104KB

Download
memory/1180-4-0x0000000000400000-0x00000000005AF000-memory.dmp

Filesize
1.7MB

Download
memory/1180-5-0x0000000000630000-0x0000000000730000-memory.dmp

Filesize
1024KB

Download