raccoon | 7177bb89728733ebe11671d460dd68ae73f2485b92bfc58587ed9379261492dc

Analysis

max time kernel
101s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

229b20fcfbcfab8cf7e4a65ed0745695.exe
Size

1.4MB
MD5

229b20fcfbcfab8cf7e4a65ed0745695
SHA1

4b12a3e63834b7ce890a88a218955c634de068cd
SHA256

7177bb89728733ebe11671d460dd68ae73f2485b92bfc58587ed9379261492dc
SHA512

ffa39d194b7013235939f839156316846aea3bb59eaea6f1f7e9b84369c94d98180ae7c60e61bf66d604bbeb13b1fb4d8180843f1febb236c0f844fda51617a3
SSDEEP

24576:JMAV21MdCnv/T4F8fGEWBbH4Za+3sTYgdMpQ/ZriiRF:JXV2WdY74lES4ZP8TJMQ/Qk

Score

10^/10

raccoon a209f001fa31695840427e137517f126fcaa82e9 stealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

a209f001fa31695840427e137517f126fcaa82e9

Attributes

url4cnc
https://tttttt.me/h_nn_mm_1

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 5 IoCs

resource	yara_rule
behavioral1/memory/2956-20-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral1/memory/2956-18-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral1/memory/2956-16-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral1/memory/2956-13-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral1/memory/2956-12-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2232 set thread context of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30
PID 2232 wrote to memory of 2956	2232	229b20fcfbcfab8cf7e4a65ed0745695.exe	30

C:\Users\Admin\AppData\Local\Temp\229b20fcfbcfab8cf7e4a65ed0745695.exe
"C:\Users\Admin\AppData\Local\Temp\229b20fcfbcfab8cf7e4a65ed0745695.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\229b20fcfbcfab8cf7e4a65ed0745695.exe
  "C:\Users\Admin\AppData\Local\Temp\229b20fcfbcfab8cf7e4a65ed0745695.exe"
  2⤵
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-8-0x0000000005E40000-0x0000000005EDC000-memory.dmp

Filesize
624KB

Download
memory/2232-19-0x0000000074E90000-0x000000007557E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-0-0x00000000013D0000-0x0000000001542000-memory.dmp

Filesize
1.4MB

Download
memory/2232-4-0x0000000000360000-0x0000000000386000-memory.dmp

Filesize
152KB

Download
memory/2232-3-0x0000000005AF0000-0x0000000005BC4000-memory.dmp

Filesize
848KB

Download
memory/2232-5-0x0000000074E90000-0x000000007557E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-6-0x0000000001370000-0x00000000013B0000-memory.dmp

Filesize
256KB

Download
memory/2232-7-0x0000000005D80000-0x0000000005E42000-memory.dmp

Filesize
776KB

Download
memory/2232-2-0x0000000001370000-0x00000000013B0000-memory.dmp

Filesize
256KB

Download
memory/2232-1-0x0000000074E90000-0x000000007557E000-memory.dmp

Filesize
6.9MB

Download
memory/2956-9-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-18-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-16-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2956-13-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-12-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-11-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-10-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2956-20-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download