raccoon | 4a0d15bafff3997ec21b867c5c5b452a58fb8f21d4f28348dd16a022721aff90

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 07:00

Target

c024ae0c58884da83c4176b3f6fe5062.exe
Size

456KB
MD5

c024ae0c58884da83c4176b3f6fe5062
SHA1

d73baad21b51ce0b8b075642ef2ef3c2276f2e76
SHA256

4a0d15bafff3997ec21b867c5c5b452a58fb8f21d4f28348dd16a022721aff90
SHA512

ad31f958b42b4a5f45b1694e9b975be70de92581e6c6947ff8f0ff52e2c1dbc4b0e90e80eda823a6c8d9d5b07f67472f85ab96a75276518916341b12badaf6d5
SSDEEP

12288:H9Sc9I+z+XRW1qmn6zAUKuKXNafVvm+qec:HkQo0nvU0XNE1mT

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/2840-2-0x0000000004960000-0x00000000049EF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2840-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/2840-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/2840-7-0x0000000004960000-0x00000000049EF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1220	2840	WerFault.exe	88
2936	2840	WerFault.exe	88
2100	2840	WerFault.exe	88
3940	2840	WerFault.exe	88
3512	2840	WerFault.exe	88
4896	2840	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\c024ae0c58884da83c4176b3f6fe5062.exe
"C:\Users\Admin\AppData\Local\Temp\c024ae0c58884da83c4176b3f6fe5062.exe"
1⤵
PID:2840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 740
  2⤵
  - Program crash
  PID:1220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 776
  2⤵
  - Program crash
  PID:2936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 752
  2⤵
  - Program crash
  PID:2100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 884
  2⤵
  - Program crash
  PID:3940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 1196
  2⤵
  - Program crash
  PID:3512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 1224
  2⤵
  - Program crash
  PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2840 -ip 2840
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2840 -ip 2840
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2840 -ip 2840
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2840 -ip 2840
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2840 -ip 2840
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2840 -ip 2840
1⤵
PID:3480

memory/2840-2-0x0000000004960000-0x00000000049EF000-memory.dmp

Filesize
572KB

Download
memory/2840-1-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/2840-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/2840-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/2840-5-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/2840-7-0x0000000004960000-0x00000000049EF000-memory.dmp

Filesize
572KB

Download