raccoon | b69a72479a30ce9aa5c45c66ce4b0efb7b6605c2ae357ef3d84165b63efa35a9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2024 06:28

Target

daebe12ce691a49ea50fa273b3080eb2.exe
Size

516KB
MD5

daebe12ce691a49ea50fa273b3080eb2
SHA1

3beb4b0be94a369f9d2c1525ca4d4da8ab74f687
SHA256

b69a72479a30ce9aa5c45c66ce4b0efb7b6605c2ae357ef3d84165b63efa35a9
SHA512

bd96fb24dd7281663e3f60ce53e97b578da05c399bb7d0b6b1eba26d2b056f63591b45ba7b20ad8bd73a6ce2ca877086a97dfa92fee8021c3c36ff7e01ad1921
SSDEEP

12288:t6xbNWbf/oxu7dau5VOwPRvrfRX5SDkjhkenf:MNWMxuZakOEHSmHn

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/3944-2-0x0000000002460000-0x00000000024EF000-memory.dmp	family_raccoon_v1
behavioral2/memory/3944-3-0x0000000000400000-0x000000000219F000-memory.dmp	family_raccoon_v1
behavioral2/memory/3944-7-0x0000000002460000-0x00000000024EF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5088	3944	WerFault.exe	87
4760	3944	WerFault.exe	87
3120	3944	WerFault.exe	87
4548	3944	WerFault.exe	87
5012	3944	WerFault.exe	87
3232	3944	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\daebe12ce691a49ea50fa273b3080eb2.exe
"C:\Users\Admin\AppData\Local\Temp\daebe12ce691a49ea50fa273b3080eb2.exe"
1⤵
PID:3944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 740
  2⤵
  - Program crash
  PID:5088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 776
  2⤵
  - Program crash
  PID:4760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 756
  2⤵
  - Program crash
  PID:3120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 868
  2⤵
  - Program crash
  PID:4548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 1196
  2⤵
  - Program crash
  PID:5012
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 1216
  2⤵
  - Program crash
  PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3944 -ip 3944
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3944 -ip 3944
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3944 -ip 3944
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3944 -ip 3944
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3944 -ip 3944
1⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3944 -ip 3944
1⤵
PID:4516

memory/3944-1-0x00000000024F0000-0x00000000025F0000-memory.dmp

Filesize
1024KB

Download
memory/3944-2-0x0000000002460000-0x00000000024EF000-memory.dmp

Filesize
572KB

Download
memory/3944-3-0x0000000000400000-0x000000000219F000-memory.dmp

Filesize
29.6MB

Download
memory/3944-6-0x00000000024F0000-0x00000000025F0000-memory.dmp

Filesize
1024KB

Download
memory/3944-7-0x0000000002460000-0x00000000024EF000-memory.dmp

Filesize
572KB

Download