raccoon | 0503af61fcc1260a86771eb486d9f01df5ca37f3634d248c739322dcba03ae7b

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5e621bfac711e041543ddc7a2ab1974_JaffaCakes118.exe
Size

504KB
MD5

c5e621bfac711e041543ddc7a2ab1974
SHA1

d39a416b9538a8640d92b35537ed0c0022cf7cfc
SHA256

0503af61fcc1260a86771eb486d9f01df5ca37f3634d248c739322dcba03ae7b
SHA512

2869f1420f1573052a1e58c8a363461823e00f42ed6749ba4ff01684c6f636175514aab848235dfb8558b6865d07e500a4520fa525cde754dc03fa39a1983fa6
SSDEEP

6144:qxyK6b7nMRDnRTTOiyXiWWDU6vkVYizSAclbQH80hc9a0rYbYa7FCOc7knGyHM:qxmbbanhTaXJWY9mZ9FzavbFwI

Score

10^/10

raccoon 83fbe81dd43f775dd8af3cd619f88f428fbd9a96 discovery stealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

83fbe81dd43f775dd8af3cd619f88f428fbd9a96

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 5 IoCs

resource	yara_rule
behavioral2/memory/652-2-0x00000000048F0000-0x0000000004983000-memory.dmp	family_raccoon_v1
behavioral2/memory/652-3-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/652-5-0x00000000048F0000-0x0000000004983000-memory.dmp	family_raccoon_v1
behavioral2/memory/652-7-0x0000000000400000-0x0000000000495000-memory.dmp	family_raccoon_v1
behavioral2/memory/652-6-0x0000000000400000-0x0000000002CB4000-memory.dmp	family_raccoon_v1

Raccoon family
raccoon

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5e621bfac711e041543ddc7a2ab1974_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c5e621bfac711e041543ddc7a2ab1974_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c5e621bfac711e041543ddc7a2ab1974_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/652-2-0x00000000048F0000-0x0000000004983000-memory.dmp

Filesize
588KB

Download
memory/652-1-0x0000000002E50000-0x0000000002F50000-memory.dmp

Filesize
1024KB

Download
memory/652-3-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/652-4-0x0000000002E50000-0x0000000002F50000-memory.dmp

Filesize
1024KB

Download
memory/652-5-0x00000000048F0000-0x0000000004983000-memory.dmp

Filesize
588KB

Download
memory/652-7-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/652-6-0x0000000000400000-0x0000000002CB4000-memory.dmp

Filesize
40.7MB

Download