raccoon | 124d47e038ccb87dc5077167f25806d9ed749c1a2d2803f1d679a18206cd9da6

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 22:59

Target

c45324f48edc91cc3627ba18205e252f.exe
Size

471KB
MD5

c45324f48edc91cc3627ba18205e252f
SHA1

f42a978235834f62c88e6afffbe397c14d5ac226
SHA256

124d47e038ccb87dc5077167f25806d9ed749c1a2d2803f1d679a18206cd9da6
SHA512

b401779b91d8a6a59594c475613fc9662521bbc8cc57e53c04d543799674c21217d151ebc511f2ae2528b852dcbcab9ec46725df4d811ceb781d637d357f0c3c
SSDEEP

6144:mVSLRetsPxG8McWrj6BwVTUUbuOH9p/ecg7fXqFzilQ7CKWrvmayo1x0NWPPMGd9:mVSQyFM7meVJ/YfauQ07mayo1OYT7T

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1124-2-0x0000000003DC0000-0x0000000003E4F000-memory.dmp	family_raccoon_v1
behavioral2/memory/1124-3-0x0000000000400000-0x0000000002193000-memory.dmp	family_raccoon_v1
behavioral2/memory/1124-4-0x0000000000400000-0x0000000002193000-memory.dmp	family_raccoon_v1
behavioral2/memory/1124-7-0x0000000003DC0000-0x0000000003E4F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4768	1124	WerFault.exe	88
4344	1124	WerFault.exe	88
3448	1124	WerFault.exe	88
1912	1124	WerFault.exe	88
3680	1124	WerFault.exe	88
3944	1124	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\c45324f48edc91cc3627ba18205e252f.exe
"C:\Users\Admin\AppData\Local\Temp\c45324f48edc91cc3627ba18205e252f.exe"
1⤵
PID:1124
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 740
  2⤵
  - Program crash
  PID:4768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 760
  2⤵
  - Program crash
  PID:4344
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 768
  2⤵
  - Program crash
  PID:3448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 876
  2⤵
  - Program crash
  PID:1912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1160
  2⤵
  - Program crash
  PID:3680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1236
  2⤵
  - Program crash
  PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1124 -ip 1124
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1124 -ip 1124
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1124 -ip 1124
1⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1124 -ip 1124
1⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1124 -ip 1124
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1124 -ip 1124
1⤵
PID:3212

memory/1124-1-0x0000000002250000-0x0000000002350000-memory.dmp

Filesize
1024KB

Download
memory/1124-2-0x0000000003DC0000-0x0000000003E4F000-memory.dmp

Filesize
572KB

Download
memory/1124-3-0x0000000000400000-0x0000000002193000-memory.dmp

Filesize
29.6MB

Download
memory/1124-4-0x0000000000400000-0x0000000002193000-memory.dmp

Filesize
29.6MB

Download
memory/1124-5-0x0000000002250000-0x0000000002350000-memory.dmp

Filesize
1024KB

Download
memory/1124-7-0x0000000003DC0000-0x0000000003E4F000-memory.dmp

Filesize
572KB

Download