raccoon | b23a0980544636d7ddab2240c547ed6e9b8c6f69e2b777ec1f1d12dd0ab9b09f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 07:03

Target

b6cdc09cdc1a685ec1fa1c2adc19cf8c.exe
Size

456KB
MD5

b6cdc09cdc1a685ec1fa1c2adc19cf8c
SHA1

e8d26c7b31a9e41fdd9f21d513b5275e117595e9
SHA256

b23a0980544636d7ddab2240c547ed6e9b8c6f69e2b777ec1f1d12dd0ab9b09f
SHA512

87ccd1f17974f8305ed9856d5bc255ebe24baa1ead326c3cc0dec3dec3f7fabe08b90c16ea576c0ab47a3de7524f6ae50d984921009882301335d3bb57509438
SSDEEP

6144:BZOGYXvwzw0mSEY3n/C+JIXGFNnM9clsvNcsWkD0oTmcLBfwwHwhZU9sI5/:BHzw0mXYPqXqlsvGsWI0cVLFwwec

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4740-2-0x0000000004A60000-0x0000000004AEF000-memory.dmp	family_raccoon_v1
behavioral2/memory/4740-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/4740-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/4740-7-0x0000000004A60000-0x0000000004AEF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1548	4740	WerFault.exe	96
3248	4740	WerFault.exe	96
1968	4740	WerFault.exe	96
3092	4740	WerFault.exe	96
4396	4740	WerFault.exe	96
4604	4740	WerFault.exe	96

C:\Users\Admin\AppData\Local\Temp\b6cdc09cdc1a685ec1fa1c2adc19cf8c.exe
"C:\Users\Admin\AppData\Local\Temp\b6cdc09cdc1a685ec1fa1c2adc19cf8c.exe"
1⤵
PID:4740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 740
  2⤵
  - Program crash
  PID:1548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 776
  2⤵
  - Program crash
  PID:3248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 756
  2⤵
  - Program crash
  PID:1968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 896
  2⤵
  - Program crash
  PID:3092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 1196
  2⤵
  - Program crash
  PID:4396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 620
  2⤵
  - Program crash
  PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4740 -ip 4740
1⤵
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4740 -ip 4740
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4740 -ip 4740
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4740 -ip 4740
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4740 -ip 4740
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4740 -ip 4740
1⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3400

memory/4740-1-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/4740-2-0x0000000004A60000-0x0000000004AEF000-memory.dmp

Filesize
572KB

Download
memory/4740-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/4740-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/4740-6-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/4740-7-0x0000000004A60000-0x0000000004AEF000-memory.dmp

Filesize
572KB

Download