raccoon | ea435f8deba53b4fd4a17dfd99f6d41ec709667aa0c79fd2ba8d5e896e93a0e3

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 08:08

Target

ae184334f95325bc0a52e10b74c0c755.exe
Size

428KB
MD5

ae184334f95325bc0a52e10b74c0c755
SHA1

09adce223485b4963ba31ee0733b764e9d1a51be
SHA256

ea435f8deba53b4fd4a17dfd99f6d41ec709667aa0c79fd2ba8d5e896e93a0e3
SHA512

3e1531414836f3ab371651dd53b07e85a52a3f54c47ddaa58206d6e51c9ccd574cbce4efd9369868050b8e0a96f7923571eef54dc88813d551b8e3c09131684b
SSDEEP

6144:fQzP+O+5JfAxm+lTFGGezyGhBi6vzu0a6ABTWVAPKZ1Haoxt7b24Yc1e:ozzIfAxRDQyG3i6vS0ZouZKR

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/2652-2-0x0000000004900000-0x000000000498F000-memory.dmp	family_raccoon_v1
behavioral2/memory/2652-3-0x0000000000400000-0x0000000002CF9000-memory.dmp	family_raccoon_v1
behavioral2/memory/2652-6-0x0000000004900000-0x000000000498F000-memory.dmp	family_raccoon_v1

Program crash 7 IoCs

pid	pid_target	Process	procid_target
3772	2652	WerFault.exe	29
4800	2652	WerFault.exe	29
5548	2652	WerFault.exe	29
3556	2652	WerFault.exe	29
5324	2652	WerFault.exe	29
3548	2652	WerFault.exe	29
5908	2652	WerFault.exe	29

C:\Users\Admin\AppData\Local\Temp\ae184334f95325bc0a52e10b74c0c755.exe
"C:\Users\Admin\AppData\Local\Temp\ae184334f95325bc0a52e10b74c0c755.exe"
1⤵
PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 744
  2⤵
  - Program crash
  PID:3772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 780
  2⤵
  - Program crash
  PID:4800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 760
  2⤵
  - Program crash
  PID:5548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 888
  2⤵
  - Program crash
  PID:3556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 744
  2⤵
  - Program crash
  PID:5324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 1168
  2⤵
  - Program crash
  PID:3548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 1208
  2⤵
  - Program crash
  PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2652 -ip 2652
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2652 -ip 2652
1⤵
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2652 -ip 2652
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2652 -ip 2652
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2652 -ip 2652
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2652 -ip 2652
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2652 -ip 2652
1⤵
PID:2204

memory/2652-1-0x0000000002E50000-0x0000000002F50000-memory.dmp

Filesize
1024KB

Download
memory/2652-2-0x0000000004900000-0x000000000498F000-memory.dmp

Filesize
572KB

Download
memory/2652-3-0x0000000000400000-0x0000000002CF9000-memory.dmp

Filesize
41.0MB

Download
memory/2652-6-0x0000000004900000-0x000000000498F000-memory.dmp

Filesize
572KB

Download
memory/2652-7-0x0000000002E50000-0x0000000002F50000-memory.dmp

Filesize
1024KB

Download