raccoon | 44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 19:18

Target

44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8.exe
Size

5.1MB
MD5

e6c1f065e805853f81b9242c43ec3990
SHA1

1441bc0f1691d99c33030a2ad9760cc7f72bf379
SHA256

44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8
SHA512

985cf8e87879540c1aedd2ea2e5edb67d8043ca947996cb5d2eb19483ed9679609e5b784832b092f9cb31dfec4076f2d4e8cfdd42a9dfb9e1830f34b863b07e4
SSDEEP

98304:cwGgxhH7zDmW1Kcmq86Qd/wy6wbgSahwTEE+4C9PRgHhgG:cfC3mWu6gwBhwTbtM8hgG

Score

10^/10

Family

raccoon

Botnet

5705cf455d54ce026eb2bfe61ead11fc

http://193.233.132.15:80

Attributes

xor.plain

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V2 payload 2 IoCs

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x0000000000DA4000-memory.dmp	family_raccoon_v2
behavioral2/memory/216-4-0x0000000000400000-0x0000000000DA4000-memory.dmp	family_raccoon_v2

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x0000000000DA4000-memory.dmp	vmprotect
behavioral2/memory/216-4-0x0000000000400000-0x0000000000DA4000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8.exe
"C:\Users\Admin\AppData\Local\Temp\44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8.exe"
1⤵
PID:216

memory/216-0-0x0000000000400000-0x0000000000DA4000-memory.dmp

Filesize
9.6MB

Download
memory/216-4-0x0000000000400000-0x0000000000DA4000-memory.dmp

Filesize
9.6MB

Download