raccoon | ea37e566aca7bafee068385eda34b4f3b3bb1cfb71d1b83b2f6e255c879e3d28

Analysis

max time kernel
146s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:19

Target

2446fc04a3e83c36b236da487dea1161.exe
Size

423KB
MD5

2446fc04a3e83c36b236da487dea1161
SHA1

96ca31dfdd70d05d03636e6fb23420dce1368fe5
SHA256

ea37e566aca7bafee068385eda34b4f3b3bb1cfb71d1b83b2f6e255c879e3d28
SHA512

2b757db99799b21fd136c5387f27761dd34c54ef6803631de2d4e73e8aa010ebe9916cf293bbc9652a2653412108fb20afee598d885ba6ec38dee6c169a694f2
SSDEEP

12288:EZSePl9RXOJVl0Qe4XTWbCuU6iR2s/5a:EXuVl0b0z6iwg

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/1520-2-0x0000000004A40000-0x0000000004ACF000-memory.dmp	family_raccoon_v1
behavioral2/memory/1520-3-0x0000000000400000-0x0000000002CF8000-memory.dmp	family_raccoon_v1
behavioral2/memory/1520-7-0x0000000004A40000-0x0000000004ACF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
636	1520	WerFault.exe	14
460	1520	WerFault.exe	14
3808	1520	WerFault.exe	14
5040	1520	WerFault.exe	14
1316	1520	WerFault.exe	14
4868	1520	WerFault.exe	14

C:\Users\Admin\AppData\Local\Temp\2446fc04a3e83c36b236da487dea1161.exe
"C:\Users\Admin\AppData\Local\Temp\2446fc04a3e83c36b236da487dea1161.exe"
1⤵
PID:1520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 740
  2⤵
  - Program crash
  PID:636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 776
  2⤵
  - Program crash
  PID:460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 744
  2⤵
  - Program crash
  PID:3808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 744
  2⤵
  - Program crash
  PID:5040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 1148
  2⤵
  - Program crash
  PID:1316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 1156
  2⤵
  - Program crash
  PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1520 -ip 1520
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1520 -ip 1520
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1520 -ip 1520
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1520 -ip 1520
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1520 -ip 1520
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1520 -ip 1520
1⤵
PID:2688

memory/1520-2-0x0000000004A40000-0x0000000004ACF000-memory.dmp

Filesize
572KB

Download
memory/1520-1-0x0000000002FA0000-0x00000000030A0000-memory.dmp

Filesize
1024KB

Download
memory/1520-3-0x0000000000400000-0x0000000002CF8000-memory.dmp

Filesize
41.0MB

Download
memory/1520-7-0x0000000004A40000-0x0000000004ACF000-memory.dmp

Filesize
572KB

Download
memory/1520-6-0x0000000002FA0000-0x00000000030A0000-memory.dmp

Filesize
1024KB

Download