raccoon | c8c136d959b8815ef99e16640525758e0ed9a5596275f056735752b351ae5972

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 13:35

Target

df4af06566b11749aeccd17f1d0801f5.exe
Size

575KB
MD5

df4af06566b11749aeccd17f1d0801f5
SHA1

ae2d5280d92c8a8a1c74e3e1816aeae58f88c0df
SHA256

c8c136d959b8815ef99e16640525758e0ed9a5596275f056735752b351ae5972
SHA512

2bdee0b8032dcbea44b924328a17b806c73167d3ff10b3391595aef0022a519ae2582ac3081b744175a95b295d256eea7b9618155d8da5db6fd99191b6cc413c
SSDEEP

6144:/paP8LMxkVmCPGN3xTsRIObboJyEhKk4Ox8d5oXT2tGC7NQ5YrxbzChBNOiIanXD:/gP84xeaFh6EMOJe7258sKaX59Y

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/2384-2-0x0000000002420000-0x00000000024AF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2384-3-0x0000000000400000-0x00000000021AE000-memory.dmp	family_raccoon_v1
behavioral2/memory/2384-4-0x0000000000400000-0x00000000021AE000-memory.dmp	family_raccoon_v1
behavioral2/memory/2384-7-0x0000000002420000-0x00000000024AF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1380	2384	WerFault.exe	88
1312	2384	WerFault.exe	88
4784	2384	WerFault.exe	88
648	2384	WerFault.exe	88
384	2384	WerFault.exe	88
448	2384	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\df4af06566b11749aeccd17f1d0801f5.exe
"C:\Users\Admin\AppData\Local\Temp\df4af06566b11749aeccd17f1d0801f5.exe"
1⤵
PID:2384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 744
  2⤵
  - Program crash
  PID:1380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 776
  2⤵
  - Program crash
  PID:1312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 872
  2⤵
  - Program crash
  PID:4784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 904
  2⤵
  - Program crash
  PID:648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 1164
  2⤵
  - Program crash
  PID:384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 1152
  2⤵
  - Program crash
  PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2384 -ip 2384
1⤵
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2384 -ip 2384
1⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2384 -ip 2384
1⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2384 -ip 2384
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2384 -ip 2384
1⤵
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 2384 -ip 2384
1⤵
PID:1564

memory/2384-1-0x00000000024C0000-0x00000000025C0000-memory.dmp

Filesize
1024KB

Download
memory/2384-2-0x0000000002420000-0x00000000024AF000-memory.dmp

Filesize
572KB

Download
memory/2384-3-0x0000000000400000-0x00000000021AE000-memory.dmp

Filesize
29.7MB

Download
memory/2384-4-0x0000000000400000-0x00000000021AE000-memory.dmp

Filesize
29.7MB

Download
memory/2384-5-0x00000000024C0000-0x00000000025C0000-memory.dmp

Filesize
1024KB

Download
memory/2384-7-0x0000000002420000-0x00000000024AF000-memory.dmp

Filesize
572KB

Download