raccoon | dc1ae0bd13880962598783520b2f445292c4274b0d815a225012a1984d99ab9a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/02/2024, 16:40

Target

a6d47e21e6372b85a265bfd07606c4ab.exe
Size

479KB
MD5

a6d47e21e6372b85a265bfd07606c4ab
SHA1

04568a77eea7176b146c0c667176c25f98b31f2e
SHA256

dc1ae0bd13880962598783520b2f445292c4274b0d815a225012a1984d99ab9a
SHA512

dec09005c862dc6f411008357512006f2c4341d53d15d792a31ce5309e90ceb8144db83dd5657ad9ca21d51e84673d999be797370c150a26ba73d5005f4fa3c7
SSDEEP

6144:D06y7OZetU/Bxw95n/7ffLm9PMvIU1j3UhETh6VAprTsxyGLZ1Zl88Yl+gKDEnE:Y6yaBxw95TLm9kAekWh6Vsg91Zl8j+o

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/2836-2-0x0000000004B10000-0x0000000004B9F000-memory.dmp	family_raccoon_v1
behavioral2/memory/2836-3-0x0000000000400000-0x0000000002D06000-memory.dmp	family_raccoon_v1
behavioral2/memory/2836-4-0x0000000000400000-0x0000000002D06000-memory.dmp	family_raccoon_v1
behavioral2/memory/2836-7-0x0000000004B10000-0x0000000004B9F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3988	2836	WerFault.exe	79
436	2836	WerFault.exe	79
4608	2836	WerFault.exe	79
2648	2836	WerFault.exe	79
3684	2836	WerFault.exe	79
3204	2836	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\a6d47e21e6372b85a265bfd07606c4ab.exe
"C:\Users\Admin\AppData\Local\Temp\a6d47e21e6372b85a265bfd07606c4ab.exe"
1⤵
PID:2836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 744
  2⤵
  - Program crash
  PID:3988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 780
  2⤵
  - Program crash
  PID:436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 760
  2⤵
  - Program crash
  PID:4608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 888
  2⤵
  - Program crash
  PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 1164
  2⤵
  - Program crash
  PID:3684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 620
  2⤵
  - Program crash
  PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2836 -ip 2836
1⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2836 -ip 2836
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2836 -ip 2836
1⤵
PID:644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2836 -ip 2836
1⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2836 -ip 2836
1⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2836 -ip 2836
1⤵
PID:1232

memory/2836-1-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

Filesize
1024KB

Download
memory/2836-2-0x0000000004B10000-0x0000000004B9F000-memory.dmp

Filesize
572KB

Download
memory/2836-3-0x0000000000400000-0x0000000002D06000-memory.dmp

Filesize
41.0MB

Download
memory/2836-4-0x0000000000400000-0x0000000002D06000-memory.dmp

Filesize
41.0MB

Download
memory/2836-5-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

Filesize
1024KB

Download
memory/2836-7-0x0000000004B10000-0x0000000004B9F000-memory.dmp

Filesize
572KB

Download