raccoon | c3ccce1b034afe8dfd13db2057d97c84060edec3ddcf9db8b93f8d9bbb089cb7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de2492f2a4cf4a3018e3e4814bf40895.exe
Size

486KB
MD5

de2492f2a4cf4a3018e3e4814bf40895
SHA1

4ec461c3c639b9a8db0a2f8224c490ac9681964b
SHA256

c3ccce1b034afe8dfd13db2057d97c84060edec3ddcf9db8b93f8d9bbb089cb7
SHA512

b9d63b79a02879c5e835f108703512a1b12aa82cafedbc1243a7a9f99e862565fc6cd6e35e0e4c17a4fee2ac4c03fec45331d1eef1c2b6fad954d51fce1ffac1
SSDEEP

12288:kBLPOI/Sop5gPSR3I8LYWhOcdn6oroBJLK1k:kB3qocPSR3TYwOV/TLK1k

Score

10^/10

raccoon 04d511fa4566fa4f749bc15a75b397df3548d126 stealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

04d511fa4566fa4f749bc15a75b397df3548d126

Attributes

url4cnc
https://t.me/lalaeuro4i4a

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 5 IoCs

resource	yara_rule
behavioral2/memory/3108-6-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral2/memory/3108-8-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral2/memory/3108-10-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral2/memory/3108-11-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1
behavioral2/memory/3108-12-0x0000000000400000-0x0000000000492000-memory.dmp	family_raccoon_v1

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4624 set thread context of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4624	de2492f2a4cf4a3018e3e4814bf40895.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92
PID 4624 wrote to memory of 3108	4624	de2492f2a4cf4a3018e3e4814bf40895.exe	92

C:\Users\Admin\AppData\Local\Temp\de2492f2a4cf4a3018e3e4814bf40895.exe
"C:\Users\Admin\AppData\Local\Temp\de2492f2a4cf4a3018e3e4814bf40895.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Users\Admin\AppData\Local\Temp\de2492f2a4cf4a3018e3e4814bf40895.exe
  C:\Users\Admin\AppData\Local\Temp\de2492f2a4cf4a3018e3e4814bf40895.exe
  2⤵
  PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3108-6-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3108-8-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3108-10-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3108-11-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/3108-12-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/4624-0-0x0000000000B20000-0x0000000000B9E000-memory.dmp

Filesize
504KB

Download
memory/4624-1-0x0000000075380000-0x0000000075B30000-memory.dmp

Filesize
7.7MB

Download
memory/4624-2-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/4624-3-0x00000000055F0000-0x0000000005666000-memory.dmp

Filesize
472KB

Download
memory/4624-4-0x0000000005570000-0x000000000558E000-memory.dmp

Filesize
120KB

Download
memory/4624-5-0x00000000055C0000-0x00000000055D0000-memory.dmp

Filesize
64KB

Download
memory/4624-9-0x0000000075380000-0x0000000075B30000-memory.dmp

Filesize
7.7MB

Download