raccoon | f4731e3513e054f55bbaeff16aab89bea6e7ae675a5607e38bf2f883d4ab657a

Analysis

max time kernel
142s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 13:34

Target

06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe
Size

640KB
MD5

06de2e0ace55ea7d2851585de90b3145
SHA1

7428fad5ba9490e09faf56eeae4b77f9f0d24873
SHA256

f4731e3513e054f55bbaeff16aab89bea6e7ae675a5607e38bf2f883d4ab657a
SHA512

0bd1e589843101e7fb05d68f8f10fe5e87816e3449de0cbcb91bd182f562492d34921b81056e224f50a2715a5d0022f5aa13687f865771d2a7c2a042b57857f3
SSDEEP

12288:Sy3eZASqYaIWxk1rveLVV0qYqA8Hj4SXnUmHFCQejTw/+:z3eZASqmYk4ptFA8Hj4LmsQh

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral1/memory/1652-12-0x0000000000B10000-0x0000000000B9E000-memory.dmp	family_raccoon_v1
behavioral1/memory/1652-13-0x0000000000400000-0x00000000008A8000-memory.dmp	family_raccoon_v1
behavioral1/memory/1652-14-0x0000000000400000-0x00000000008A8000-memory.dmp	family_raccoon_v1
behavioral1/memory/1652-17-0x0000000000B10000-0x0000000000B9E000-memory.dmp	family_raccoon_v1

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2476 set thread context of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28
PID 2476 wrote to memory of 1652	2476	06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\06de2e0ace55ea7d2851585de90b3145_JaffaCakes118.exe"
  2⤵
  PID:1652

memory/1652-10-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-5-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-1-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1652-7-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-9-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-11-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/1652-12-0x0000000000B10000-0x0000000000B9E000-memory.dmp

Filesize
568KB

Download
memory/1652-13-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-14-0x0000000000400000-0x00000000008A8000-memory.dmp

Filesize
4.7MB

Download
memory/1652-16-0x0000000000CF0000-0x0000000000DF0000-memory.dmp

Filesize
1024KB

Download
memory/1652-17-0x0000000000B10000-0x0000000000B9E000-memory.dmp

Filesize
568KB

Download
memory/2476-4-0x0000000000220000-0x000000000029B000-memory.dmp

Filesize
492KB

Download
memory/2476-2-0x0000000001840000-0x0000000001940000-memory.dmp

Filesize
1024KB

Download