raccoon | 52a03d41d4ba45ec0716b9226e2d33ab[.]exe | Triage

Sharing

General

Target

52a03d41d4ba45ec0716b9226e2d33ab.exe
Size

52KB
MD5

52a03d41d4ba45ec0716b9226e2d33ab
SHA1

400fbf436e1789f92ac7ab9628764a5a8b6e0285
SHA256

66ae9bb22008f89ef0c961d293e95318bfdd67429b0345b8f64550467cb360f3
SHA512

66ca3f9d94033cd66c640d207d9304a18eed2c65b7de59b4e58d4e3e3fb9a4b7055b760613b9fb4464ad621531a98da63a02967f379a23dc28a8b9e2569fe9f8
SSDEEP

768:RWwtoXuUHKxI2zN5JjR2yAKJwA2+LVY3z5nNYJNqEzFqhseSex/x9yoOBMM:RtoeUqu2/5AKJwAXmnNYJNZDFAOg

Score

10^/10

48b666ccdcdf3511c5b4921dc5f7b868 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

48b666ccdcdf3511c5b4921dc5f7b868

C2

http://5.253.84.117/

rc4.plain

Signatures

Raccoon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_raccoon
Raccoon family
raccoon

Files

52a03d41d4ba45ec0716b9226e2d33ab.exe
.exe windows x86

d24bd3ad7ee896b96a52568978d9c343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
LoadLibraryW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ