raccoon | 7218d54608e55779fd4b3bb6c7ea022a4ddf03ecc33c687209e87f937340e87a

Analysis

max time kernel
158s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 06:11

Target

addf66c224aff122d02e27adb6f5830b.exe
Size

423KB
MD5

addf66c224aff122d02e27adb6f5830b
SHA1

71d92b6db0f4dea263d21f29883e99fe2fdf77df
SHA256

7218d54608e55779fd4b3bb6c7ea022a4ddf03ecc33c687209e87f937340e87a
SHA512

9a0a784e9d50d25d7c81a9f1413f1b9307cc0f323b6407c100d1595495914484d15d4d30ce15bf741f6f3f4964b9b386157faeb400a9f68e3b8409de6321abc3
SSDEEP

6144:VwHAasCJ63x8tWcc8/gA9hCwyw+cl4o312IMnC3GSCcoPy9pIEKxm5b:EqC4GtWccEgAfVyjR4IC3GHTPy9pIDc

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/952-2-0x0000000004AC0000-0x0000000004B4F000-memory.dmp	family_raccoon_v1
behavioral2/memory/952-3-0x0000000000400000-0x0000000002CF8000-memory.dmp	family_raccoon_v1
behavioral2/memory/952-4-0x0000000000400000-0x0000000002CF8000-memory.dmp	family_raccoon_v1
behavioral2/memory/952-7-0x0000000004AC0000-0x0000000004B4F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4884	952	WerFault.exe	85
4736	952	WerFault.exe	85
860	952	WerFault.exe	85
4896	952	WerFault.exe	85
4856	952	WerFault.exe	85
2560	952	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\addf66c224aff122d02e27adb6f5830b.exe
"C:\Users\Admin\AppData\Local\Temp\addf66c224aff122d02e27adb6f5830b.exe"
1⤵
PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 740
  2⤵
  - Program crash
  PID:4884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 744
  2⤵
  - Program crash
  PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 892
  2⤵
  - Program crash
  PID:860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 756
  2⤵
  - Program crash
  PID:4896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1148
  2⤵
  - Program crash
  PID:4856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1208
  2⤵
  - Program crash
  PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 952 -ip 952
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 952 -ip 952
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 952 -ip 952
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 952 -ip 952
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 952 -ip 952
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 952 -ip 952
1⤵
PID:4072

memory/952-1-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/952-2-0x0000000004AC0000-0x0000000004B4F000-memory.dmp

Filesize
572KB

Download
memory/952-3-0x0000000000400000-0x0000000002CF8000-memory.dmp

Filesize
41.0MB

Download
memory/952-4-0x0000000000400000-0x0000000002CF8000-memory.dmp

Filesize
41.0MB

Download
memory/952-6-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/952-7-0x0000000004AC0000-0x0000000004B4F000-memory.dmp

Filesize
572KB

Download