raccoon | 8ea7e098522cb46482fad73b8abf73f6c74f85d5e42953eb5353d5bfeb9497d0

Analysis

max time kernel
158s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 06:27

Target

b6bc146e7e2f88afc9b81dc6cb4e4c54.exe
Size

429KB
MD5

b6bc146e7e2f88afc9b81dc6cb4e4c54
SHA1

dbd03a9b751c8aadad427f11840faf58e82b0fc7
SHA256

8ea7e098522cb46482fad73b8abf73f6c74f85d5e42953eb5353d5bfeb9497d0
SHA512

ed1c9d57915cf34d7c871cb4347d1c8f33d4be1debc99777423a1b5014dfb5e7cee8c4ba22427acf3023ac4c4339455b7801cf4a0b040f5cd50b9ae1441fcd4f
SSDEEP

6144:cQst6TSjD99W5FZN5NSWStmYKO5q/tqJSCbmkO17oURR1jiUb0onp8g3I4sI5/:C6TSHy5d5o91KO5QtrMm9UUsFYGgYpc

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4332-2-0x0000000004AB0000-0x0000000004B3F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4332-3-0x0000000000400000-0x0000000002CFB000-memory.dmp	family_raccoon_v1
behavioral2/memory/4332-4-0x0000000000400000-0x0000000002CFB000-memory.dmp	family_raccoon_v1
behavioral2/memory/4332-7-0x0000000004AB0000-0x0000000004B3F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5008	4332	WerFault.exe	86
3488	4332	WerFault.exe	86
4352	4332	WerFault.exe	86
5096	4332	WerFault.exe	86
4712	4332	WerFault.exe	86
4440	4332	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\b6bc146e7e2f88afc9b81dc6cb4e4c54.exe
"C:\Users\Admin\AppData\Local\Temp\b6bc146e7e2f88afc9b81dc6cb4e4c54.exe"
1⤵
PID:4332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 740
  2⤵
  - Program crash
  PID:5008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 776
  2⤵
  - Program crash
  PID:3488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 756
  2⤵
  - Program crash
  PID:4352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 896
  2⤵
  - Program crash
  PID:5096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 932
  2⤵
  - Program crash
  PID:4712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 1204
  2⤵
  - Program crash
  PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4332 -ip 4332
1⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4332 -ip 4332
1⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4332 -ip 4332
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4332 -ip 4332
1⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4332 -ip 4332
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4332 -ip 4332
1⤵
PID:1208

memory/4332-1-0x0000000003010000-0x0000000003110000-memory.dmp

Filesize
1024KB

Download
memory/4332-2-0x0000000004AB0000-0x0000000004B3F000-memory.dmp

Filesize
572KB

Download
memory/4332-3-0x0000000000400000-0x0000000002CFB000-memory.dmp

Filesize
41.0MB

Download
memory/4332-4-0x0000000000400000-0x0000000002CFB000-memory.dmp

Filesize
41.0MB

Download
memory/4332-6-0x0000000003010000-0x0000000003110000-memory.dmp

Filesize
1024KB

Download
memory/4332-7-0x0000000004AB0000-0x0000000004B3F000-memory.dmp

Filesize
572KB

Download