raccoon | 8c6bfcef8131e02e228eb4e94537deb8c15f897eeaee0086f67e0bb6c45066f7

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 06:40

Target

adedaf5e119be48cc90bf8b7851f9e5d.exe
Size

456KB
MD5

adedaf5e119be48cc90bf8b7851f9e5d
SHA1

08b30e6c30e66bfce82bd7e573f02b939a41bda0
SHA256

8c6bfcef8131e02e228eb4e94537deb8c15f897eeaee0086f67e0bb6c45066f7
SHA512

82e2c5b23e5c857673bfbc0beb3afceb2ad11c5624f6daf2a256c98eebd3c4d288129f0f550b6b374908e955d9feee3edb0893307d7cdbfce8c378ebffce0d89
SSDEEP

12288:/4mWlG2jcTEJSQUO6FweG9wSM8TVgZda2dqfzHEec:/Ys2jcTErU3FPSDTcdapw

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1200-2-0x0000000004A70000-0x0000000004AFF000-memory.dmp	family_raccoon_v1
behavioral2/memory/1200-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/1200-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/1200-7-0x0000000004A70000-0x0000000004AFF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1192	1200	WerFault.exe	39
2136	1200	WerFault.exe	39
116	1200	WerFault.exe	39
3840	1200	WerFault.exe	39
3940	1200	WerFault.exe	39
4292	1200	WerFault.exe	39

C:\Users\Admin\AppData\Local\Temp\adedaf5e119be48cc90bf8b7851f9e5d.exe
"C:\Users\Admin\AppData\Local\Temp\adedaf5e119be48cc90bf8b7851f9e5d.exe"
1⤵
PID:1200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 740
  2⤵
  - Program crash
  PID:1192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 748
  2⤵
  - Program crash
  PID:2136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 892
  2⤵
  - Program crash
  PID:116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 952
  2⤵
  - Program crash
  PID:3840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 1180
  2⤵
  - Program crash
  PID:3940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 1240
  2⤵
  - Program crash
  PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1200 -ip 1200
1⤵
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1200 -ip 1200
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1200 -ip 1200
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1200 -ip 1200
1⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1200 -ip 1200
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1200 -ip 1200
1⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:8
1⤵
PID:4672

memory/1200-1-0x0000000002D40000-0x0000000002E40000-memory.dmp

Filesize
1024KB

Download
memory/1200-2-0x0000000004A70000-0x0000000004AFF000-memory.dmp

Filesize
572KB

Download
memory/1200-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/1200-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/1200-6-0x0000000002D40000-0x0000000002E40000-memory.dmp

Filesize
1024KB

Download
memory/1200-7-0x0000000004A70000-0x0000000004AFF000-memory.dmp

Filesize
572KB

Download