raccoon | 6a39e039b505a8dc77840f5f7992ab2147e80e7e254965abcfed37146a92acbb

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 12:27

Target

cb6862d118abf5a9547dec191a40604b.exe
Size

487KB
MD5

cb6862d118abf5a9547dec191a40604b
SHA1

50baf07fb1817dedd24949b719f221b61504842d
SHA256

6a39e039b505a8dc77840f5f7992ab2147e80e7e254965abcfed37146a92acbb
SHA512

bee40251622af0aa3f4219ac7e94f2211426e6fca9b592f27f76f8f3ca23f9a3c0ceea9ec364e1928bb0b1b37a3debee8f6fc9246ec81d4071ea67479498e591
SSDEEP

6144:NxLct378CZjJrStECLsagPnF/fOQgOhhfH4cCvUU3DYQ6Qn0sZywLjKgFVg8FY6C:NxIt373drStEPHd/f/tRC8gYQ0sge4

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/4708-2-0x0000000001F60000-0x0000000001FEF000-memory.dmp	family_raccoon_v1
behavioral2/memory/4708-3-0x0000000000400000-0x0000000001DC7000-memory.dmp	family_raccoon_v1
behavioral2/memory/4708-7-0x0000000001F60000-0x0000000001FEF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3104	4708	WerFault.exe	86
4160	4708	WerFault.exe	86
4144	4708	WerFault.exe	86
4452	4708	WerFault.exe	86
2524	4708	WerFault.exe	86
4376	4708	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\cb6862d118abf5a9547dec191a40604b.exe
"C:\Users\Admin\AppData\Local\Temp\cb6862d118abf5a9547dec191a40604b.exe"
1⤵
PID:4708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 740
  2⤵
  - Program crash
  PID:3104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 748
  2⤵
  - Program crash
  PID:4160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 828
  2⤵
  - Program crash
  PID:4144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 896
  2⤵
  - Program crash
  PID:4452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 840
  2⤵
  - Program crash
  PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 1196
  2⤵
  - Program crash
  PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4708 -ip 4708
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4708 -ip 4708
1⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4708 -ip 4708
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4708 -ip 4708
1⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4708 -ip 4708
1⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4708 -ip 4708
1⤵
PID:3272

memory/4708-1-0x0000000002010000-0x0000000002110000-memory.dmp

Filesize
1024KB

Download
memory/4708-2-0x0000000001F60000-0x0000000001FEF000-memory.dmp

Filesize
572KB

Download
memory/4708-3-0x0000000000400000-0x0000000001DC7000-memory.dmp

Filesize
25.8MB

Download
memory/4708-6-0x0000000002010000-0x0000000002110000-memory.dmp

Filesize
1024KB

Download
memory/4708-7-0x0000000001F60000-0x0000000001FEF000-memory.dmp

Filesize
572KB

Download