raccoon | cb0431843a465580af16a0fd3eac32bab34c3e52ee3951a50ac3d4c0d709d730

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:30

Target

c360ec99206b42b6052b4010f1131eb5.exe
Size

430KB
MD5

c360ec99206b42b6052b4010f1131eb5
SHA1

2df7494f7264c7da4fa1013b46ce92ae556e0342
SHA256

cb0431843a465580af16a0fd3eac32bab34c3e52ee3951a50ac3d4c0d709d730
SHA512

ae89c77deebb001c55de8af494febe3b8019f4449ce28ef461797b9212376a16c47ab0d08da45d48bfb311db935aef9e0691a8eb33040a3ede530eed24e8ca54
SSDEEP

12288:95iIGBEQxVJJNziGSFP5lccvnuvtdKLcoZL:nigQxDL7SFPfccGBw

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/5024-2-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1
behavioral2/memory/5024-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/5024-7-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3080	5024	WerFault.exe	83
2872	5024	WerFault.exe	83
1204	5024	WerFault.exe	83
2480	5024	WerFault.exe	83
828	5024	WerFault.exe	83
4100	5024	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\c360ec99206b42b6052b4010f1131eb5.exe
"C:\Users\Admin\AppData\Local\Temp\c360ec99206b42b6052b4010f1131eb5.exe"
1⤵
PID:5024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 744
  2⤵
  - Program crash
  PID:3080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 760
  2⤵
  - Program crash
  PID:2872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 768
  2⤵
  - Program crash
  PID:1204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 760
  2⤵
  - Program crash
  PID:2480
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1056
  2⤵
  - Program crash
  PID:828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 1216
  2⤵
  - Program crash
  PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5024 -ip 5024
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5024 -ip 5024
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5024 -ip 5024
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5024 -ip 5024
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5024 -ip 5024
1⤵
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5024 -ip 5024
1⤵
PID:4644

memory/5024-1-0x0000000002FE0000-0x00000000030E0000-memory.dmp

Filesize
1024KB

Download
memory/5024-2-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download
memory/5024-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/5024-5-0x0000000002FE0000-0x00000000030E0000-memory.dmp

Filesize
1024KB

Download
memory/5024-7-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download