raccoon | dda579fac53b62f178780c65f278921827b6345f3cd0d3af174fabf8892ad3d7

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 09:01

Target

bada40e7ac95f8a57f7b90115cd04e9b.exe
Size

419KB
MD5

bada40e7ac95f8a57f7b90115cd04e9b
SHA1

1685bf9d5a1086fed8f914f034ccfeac4b5ec1a5
SHA256

dda579fac53b62f178780c65f278921827b6345f3cd0d3af174fabf8892ad3d7
SHA512

8e0e387bd0d0cab8e07475cdce1cdf605bc705d592c2ce760ec33337b2bef27ce69dfd6fd1a299619318bd26064783de50c9cb9050dc002e78b9ac667557f221
SSDEEP

12288:hdx+VvjNLPkByKykog3Rj6gtsvKn3lzh3c:lggkzOj6gtsvKnVzh

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/3992-2-0x0000000003B80000-0x0000000003C0F000-memory.dmp	family_raccoon_v1
behavioral2/memory/3992-3-0x0000000000400000-0x0000000001DB5000-memory.dmp	family_raccoon_v1
behavioral2/memory/3992-4-0x0000000000400000-0x0000000001DB5000-memory.dmp	family_raccoon_v1
behavioral2/memory/3992-7-0x0000000003B80000-0x0000000003C0F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4124	3992	WerFault.exe	84
2568	3992	WerFault.exe	84
1588	3992	WerFault.exe	84
2196	3992	WerFault.exe	84
4772	3992	WerFault.exe	84
2004	3992	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\bada40e7ac95f8a57f7b90115cd04e9b.exe
"C:\Users\Admin\AppData\Local\Temp\bada40e7ac95f8a57f7b90115cd04e9b.exe"
1⤵
PID:3992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 740
  2⤵
  - Program crash
  PID:4124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 760
  2⤵
  - Program crash
  PID:2568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 892
  2⤵
  - Program crash
  PID:1588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 768
  2⤵
  - Program crash
  PID:2196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 1200
  2⤵
  - Program crash
  PID:4772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 1216
  2⤵
  - Program crash
  PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3992 -ip 3992
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3992 -ip 3992
1⤵
PID:1176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3992 -ip 3992
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3992 -ip 3992
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3992 -ip 3992
1⤵
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3992 -ip 3992
1⤵
PID:2628

memory/3992-1-0x00000000020E0000-0x00000000021E0000-memory.dmp

Filesize
1024KB

Download
memory/3992-2-0x0000000003B80000-0x0000000003C0F000-memory.dmp

Filesize
572KB

Download
memory/3992-3-0x0000000000400000-0x0000000001DB5000-memory.dmp

Filesize
25.7MB

Download
memory/3992-4-0x0000000000400000-0x0000000001DB5000-memory.dmp

Filesize
25.7MB

Download
memory/3992-6-0x00000000020E0000-0x00000000021E0000-memory.dmp

Filesize
1024KB

Download
memory/3992-7-0x0000000003B80000-0x0000000003C0F000-memory.dmp

Filesize
572KB

Download