raccoon | b6b51b1ee6abf96a7bffd543c7736e5f3920d2cc299eef1a5f6c812d2af0fc07

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 02:14

Target

b641183407dfacaacd0f530fb5543a7f.exe
Size

474KB
MD5

b641183407dfacaacd0f530fb5543a7f
SHA1

adadf127465988c954c4417eef8fee19f915a834
SHA256

b6b51b1ee6abf96a7bffd543c7736e5f3920d2cc299eef1a5f6c812d2af0fc07
SHA512

55744d0af3e2d66e30cbbf58f241443d7d26005b6a7d7287446badb2ad40685015fcb98eb5f76ae82a131f7a7a1c9d2902db7a188a7d6597b90fff51138a27e4
SSDEEP

6144:ypGwhdHewLtKpjO2pqvtyy4ufPcKF6VcZkRnySmJW7AK6P0MFFLPiXOwS18bEcxb:y1/ewLI6z4KsVcwySm4sK68MFtn4EcF

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/1844-2-0x0000000004AA0000-0x0000000004B2F000-memory.dmp	family_raccoon_v1
behavioral2/memory/1844-3-0x0000000000400000-0x0000000002D05000-memory.dmp	family_raccoon_v1
behavioral2/memory/1844-7-0x0000000004AA0000-0x0000000004B2F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3856	1844	WerFault.exe	88
1364	1844	WerFault.exe	88
4032	1844	WerFault.exe	88
4828	1844	WerFault.exe	88
1612	1844	WerFault.exe	88
2924	1844	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\b641183407dfacaacd0f530fb5543a7f.exe
"C:\Users\Admin\AppData\Local\Temp\b641183407dfacaacd0f530fb5543a7f.exe"
1⤵
PID:1844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 740
  2⤵
  - Program crash
  PID:3856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 776
  2⤵
  - Program crash
  PID:1364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 892
  2⤵
  - Program crash
  PID:4032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 912
  2⤵
  - Program crash
  PID:4828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 1172
  2⤵
  - Program crash
  PID:1612
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 1184
  2⤵
  - Program crash
  PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1844 -ip 1844
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1844 -ip 1844
1⤵
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1844 -ip 1844
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1844 -ip 1844
1⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1844 -ip 1844
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1844 -ip 1844
1⤵
PID:3228

memory/1844-1-0x0000000002F00000-0x0000000003000000-memory.dmp

Filesize
1024KB

Download
memory/1844-2-0x0000000004AA0000-0x0000000004B2F000-memory.dmp

Filesize
572KB

Download
memory/1844-3-0x0000000000400000-0x0000000002D05000-memory.dmp

Filesize
41.0MB

Download
memory/1844-6-0x0000000002F00000-0x0000000003000000-memory.dmp

Filesize
1024KB

Download
memory/1844-7-0x0000000004AA0000-0x0000000004B2F000-memory.dmp

Filesize
572KB

Download