raccoon | 24d889bae17743c94b494b98147438603a42b396594592c3d5e6b104742b3547

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 05:50

Target

ab270565df70533f0023598f4ecf4987.exe
Size

467KB
MD5

ab270565df70533f0023598f4ecf4987
SHA1

f1943fe6f8df6584a6ca2f279a2ddfece4d11f1c
SHA256

24d889bae17743c94b494b98147438603a42b396594592c3d5e6b104742b3547
SHA512

82afcaef43f653d6b6a24b61f2468faa84ee237396f0594aba810cc5bc61bbe3ba9b89650923706a59efbb7b06d6e5af8e9065401dca98371135523630f26483
SSDEEP

12288:wqIfZ20e+sooa6pKnOohkcojKOlrxXdPAH:5QNe1aIKOEFOlrwH

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/3192-2-0x0000000004A50000-0x0000000004AE3000-memory.dmp	family_raccoon_v1
behavioral2/memory/3192-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/3192-7-0x0000000004A50000-0x0000000004AE3000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
948	3192	WerFault.exe	79
3628	3192	WerFault.exe	79
3460	3192	WerFault.exe	79
1364	3192	WerFault.exe	79
4468	3192	WerFault.exe	79
4540	3192	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\ab270565df70533f0023598f4ecf4987.exe
"C:\Users\Admin\AppData\Local\Temp\ab270565df70533f0023598f4ecf4987.exe"
1⤵
PID:3192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 740
  2⤵
  - Program crash
  PID:948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 776
  2⤵
  - Program crash
  PID:3628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 744
  2⤵
  - Program crash
  PID:3460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 776
  2⤵
  - Program crash
  PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1160
  2⤵
  - Program crash
  PID:4468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 1216
  2⤵
  - Program crash
  PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3192 -ip 3192
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3192 -ip 3192
1⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3192 -ip 3192
1⤵
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3192 -ip 3192
1⤵
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3192 -ip 3192
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3192 -ip 3192
1⤵
PID:4852

memory/3192-1-0x0000000002EB0000-0x0000000002FB0000-memory.dmp

Filesize
1024KB

Download
memory/3192-2-0x0000000004A50000-0x0000000004AE3000-memory.dmp

Filesize
588KB

Download
memory/3192-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/3192-6-0x0000000002EB0000-0x0000000002FB0000-memory.dmp

Filesize
1024KB

Download
memory/3192-7-0x0000000004A50000-0x0000000004AE3000-memory.dmp

Filesize
588KB

Download