raccoon | fb0c7b5f987b4224134d48b37bde3dad7fe4538f660d3d461aa470c6aa18e4ec

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:43

Target

14d150843722630bc9222108a89db87f.exe
Size

492KB
MD5

14d150843722630bc9222108a89db87f
SHA1

af6e7dbe56399207ee35f62153f45f1c3df112f1
SHA256

fb0c7b5f987b4224134d48b37bde3dad7fe4538f660d3d461aa470c6aa18e4ec
SHA512

0050860cca81b92f3f9252821243e04d2b51ee43855e5c260158cb4f7b70f99e185211eba3eae7aaf8292635433e54478f1d04ab44335b83c35b67c7dd828c99
SSDEEP

12288:RWi++HEE98iTKJ0rA/iuBlnTg+8k9WQENv1Hc9c:RNn9X2f/ieU+8kQ9vZ

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4876-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4876-3-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/4876-4-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/4876-6-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1568	4876	WerFault.exe	87
1892	4876	WerFault.exe	87
808	4876	WerFault.exe	87
744	4876	WerFault.exe	87
1728	4876	WerFault.exe	87
1836	4876	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\14d150843722630bc9222108a89db87f.exe
"C:\Users\Admin\AppData\Local\Temp\14d150843722630bc9222108a89db87f.exe"
1⤵
PID:4876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 740
  2⤵
  - Program crash
  PID:1568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 776
  2⤵
  - Program crash
  PID:1892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 752
  2⤵
  - Program crash
  PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 892
  2⤵
  - Program crash
  PID:744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 1164
  2⤵
  - Program crash
  PID:1728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 1216
  2⤵
  - Program crash
  PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4876 -ip 4876
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4876 -ip 4876
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4876 -ip 4876
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4876 -ip 4876
1⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4876 -ip 4876
1⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4876 -ip 4876
1⤵
PID:544

memory/4876-1-0x0000000002020000-0x0000000002120000-memory.dmp

Filesize
1024KB

Download
memory/4876-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download
memory/4876-3-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/4876-4-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/4876-6-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download
memory/4876-7-0x0000000002020000-0x0000000002120000-memory.dmp

Filesize
1024KB

Download