raccoon | 5c4413fce239cfb51d0ef602b465626ea660649639bfc57a583c4142dad3dfe4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca8fed5a1394c4c680b5d261d4bb688c.exe
Size

900KB
MD5

ca8fed5a1394c4c680b5d261d4bb688c
SHA1

3e41eb13b33e2be9d15bc16352cb7cae1fa33b8d
SHA256

5c4413fce239cfb51d0ef602b465626ea660649639bfc57a583c4142dad3dfe4
SHA512

3ff22d11caecc3985416cc72ae4a344853d9e8427168de72d940ba70a003f155a677bc9fc3a9503a758e9eed907ddd48a7715fc54bea744afa1745d86c751101
SSDEEP

24576:i4c3+VbG0AOOy8Gq73UpdWuwWggp0F8pQ5:ics0lOwq7Sp0FH

Score

10^/10

raccoon d7b6e0cee1cd813ad40c812cf45171cf0360e249 stealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

d7b6e0cee1cd813ad40c812cf45171cf0360e249

Attributes

url4cnc
https://telete.in/mimipanera11

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 5 IoCs

resource	yara_rule
behavioral2/memory/2304-7-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/2304-9-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/2304-11-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/2304-12-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/2304-13-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2616 set thread context of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98
PID 2616 wrote to memory of 2304	2616	ca8fed5a1394c4c680b5d261d4bb688c.exe	98

C:\Users\Admin\AppData\Local\Temp\ca8fed5a1394c4c680b5d261d4bb688c.exe
"C:\Users\Admin\AppData\Local\Temp\ca8fed5a1394c4c680b5d261d4bb688c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Users\Admin\AppData\Local\Temp\ca8fed5a1394c4c680b5d261d4bb688c.exe
  C:\Users\Admin\AppData\Local\Temp\ca8fed5a1394c4c680b5d261d4bb688c.exe
  2⤵
  PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-7-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2304-13-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2304-12-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2304-11-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2304-9-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2616-6-0x0000000005530000-0x0000000005556000-memory.dmp

Filesize
152KB

Download
memory/2616-0-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/2616-5-0x0000000005450000-0x000000000545A000-memory.dmp

Filesize
40KB

Download
memory/2616-4-0x0000000005680000-0x0000000005690000-memory.dmp

Filesize
64KB

Download
memory/2616-10-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/2616-3-0x0000000005490000-0x0000000005522000-memory.dmp

Filesize
584KB

Download
memory/2616-2-0x0000000005B20000-0x00000000060C4000-memory.dmp

Filesize
5.6MB

Download
memory/2616-1-0x0000000000AB0000-0x0000000000B92000-memory.dmp

Filesize
904KB

Download