raccoon | 848b38077dee89f1c2f4dd7696007020643f767f88816ea7d345da49e59a7097

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:58

Target

027285639eb566604093237a1d742bfd.exe
Size

429KB
MD5

027285639eb566604093237a1d742bfd
SHA1

c31bcae478c779f188935442348e759c494277cf
SHA256

848b38077dee89f1c2f4dd7696007020643f767f88816ea7d345da49e59a7097
SHA512

a4e924795f37926db21fecbd2ef1313e827ed0d44a2bd747582e6829382e162a8fa16bdb40f1e917e4c192fc59f530475c0ea5f8a02d47e2622fcbc67d55228e
SSDEEP

12288:nju6P/RT/Uvxpx8OwGhyVp8ADRkr5gnlNBc:nju6xTepOqhgRDa4NBc

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/3900-2-0x0000000004AC0000-0x0000000004B4F000-memory.dmp	family_raccoon_v1
behavioral2/memory/3900-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/3900-4-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/3900-7-0x0000000004AC0000-0x0000000004B4F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1508	3900	WerFault.exe	16
3116	3900	WerFault.exe	16
2216	3900	WerFault.exe	16
920	3900	WerFault.exe	16
4820	3900	WerFault.exe	16
1364	3900	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\027285639eb566604093237a1d742bfd.exe
"C:\Users\Admin\AppData\Local\Temp\027285639eb566604093237a1d742bfd.exe"
1⤵
PID:3900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 740
  2⤵
  - Program crash
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 776
  2⤵
  - Program crash
  PID:3116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 756
  2⤵
  - Program crash
  PID:2216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 888
  2⤵
  - Program crash
  PID:920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1056
  2⤵
  - Program crash
  PID:4820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1244
  2⤵
  - Program crash
  PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3900 -ip 3900
1⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3900 -ip 3900
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3900 -ip 3900
1⤵
PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3900 -ip 3900
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3900 -ip 3900
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3900 -ip 3900
1⤵
PID:1044

memory/3900-2-0x0000000004AC0000-0x0000000004B4F000-memory.dmp

Filesize
572KB

Download
memory/3900-1-0x0000000002F20000-0x0000000003020000-memory.dmp

Filesize
1024KB

Download
memory/3900-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/3900-4-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/3900-7-0x0000000004AC0000-0x0000000004B4F000-memory.dmp

Filesize
572KB

Download
memory/3900-6-0x0000000002F20000-0x0000000003020000-memory.dmp

Filesize
1024KB

Download