raccoon | b651d89218869ad000fbc5adce938959870296a9af7c787f8b52a854231e336d

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 15:48

Target

b51343949d1d8f2a8f6d1ef032ab38d6.exe
Size

455KB
MD5

b51343949d1d8f2a8f6d1ef032ab38d6
SHA1

196e5a36b5f71e8b8df828b894f38367cb228d9e
SHA256

b651d89218869ad000fbc5adce938959870296a9af7c787f8b52a854231e336d
SHA512

c490fb0c10a66af4a2de0f039ef1abc515c0b1624d32caa118a98af86506bbf3b8b6a4934ff5e583f1ef402294a694a4cd52759d3ee0223b7d82d90e8812bc58
SSDEEP

12288:SzhvEM0RgOLI4xs6GIPpSOEvALL7T8ZR0Dqkec:St/0VLI4xjUOdLHT8n07

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/2348-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2348-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/2348-6-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2964	2348	WerFault.exe	88
4076	2348	WerFault.exe	88
4944	2348	WerFault.exe	88
1152	2348	WerFault.exe	88
3568	2348	WerFault.exe	88
2804	2348	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\b51343949d1d8f2a8f6d1ef032ab38d6.exe
"C:\Users\Admin\AppData\Local\Temp\b51343949d1d8f2a8f6d1ef032ab38d6.exe"
1⤵
PID:2348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 740
  2⤵
  - Program crash
  PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 760
  2⤵
  - Program crash
  PID:4076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 768
  2⤵
  - Program crash
  PID:4944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 772
  2⤵
  - Program crash
  PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 1196
  2⤵
  - Program crash
  PID:3568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 840
  2⤵
  - Program crash
  PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2348 -ip 2348
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2348 -ip 2348
1⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2348 -ip 2348
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2348 -ip 2348
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2348 -ip 2348
1⤵
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2348 -ip 2348
1⤵
PID:2748

memory/2348-1-0x0000000002F70000-0x0000000003070000-memory.dmp

Filesize
1024KB

Download
memory/2348-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download
memory/2348-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/2348-6-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download
memory/2348-7-0x0000000002F70000-0x0000000003070000-memory.dmp

Filesize
1024KB

Download