raccoon | 1a4b53bc5c7bee277bbdf259298086afbdbaf149e51811a72b8b159ba9b1c115

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 18:38

Target

a9df5b777dcd667fe9172c51e80152cc.exe
Size

455KB
MD5

a9df5b777dcd667fe9172c51e80152cc
SHA1

8763613ad6ae9e2b903b5502e1b7bd02eb3befaf
SHA256

1a4b53bc5c7bee277bbdf259298086afbdbaf149e51811a72b8b159ba9b1c115
SHA512

b30b2fcebe1db1786745a6a9b7095e61355f905ef8d0964df62252468c315a9c9761c5f9320ab071f3d5407d11992e542deef855a5b3454ba8c68164b562ec36
SSDEEP

6144:k76kZfqoEiwd4bT8Y8xlcOx+Jww/NjJoR75JNwSKvdPxN4pWtVlUyxC+HwhZU9so:kxREjdnY8x8J//NVoR1LwTnX+X+ec

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/2512-2-0x0000000004930000-0x00000000049BF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2512-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/2512-7-0x0000000004930000-0x00000000049BF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3160	2512	WerFault.exe	85
4472	2512	WerFault.exe	85
2492	2512	WerFault.exe	85
3176	2512	WerFault.exe	85
4292	2512	WerFault.exe	85
1216	2512	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\a9df5b777dcd667fe9172c51e80152cc.exe
"C:\Users\Admin\AppData\Local\Temp\a9df5b777dcd667fe9172c51e80152cc.exe"
1⤵
PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 748
  2⤵
  - Program crash
  PID:3160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 784
  2⤵
  - Program crash
  PID:4472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 892
  2⤵
  - Program crash
  PID:2492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 924
  2⤵
  - Program crash
  PID:3176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 1056
  2⤵
  - Program crash
  PID:4292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 1264
  2⤵
  - Program crash
  PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2512 -ip 2512
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2512 -ip 2512
1⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2512 -ip 2512
1⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2512 -ip 2512
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2512 -ip 2512
1⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2512 -ip 2512
1⤵
PID:1120

memory/2512-1-0x0000000003090000-0x0000000003190000-memory.dmp

Filesize
1024KB

Download
memory/2512-2-0x0000000004930000-0x00000000049BF000-memory.dmp

Filesize
572KB

Download
memory/2512-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/2512-6-0x0000000003090000-0x0000000003190000-memory.dmp

Filesize
1024KB

Download
memory/2512-7-0x0000000004930000-0x00000000049BF000-memory.dmp

Filesize
572KB

Download