raccoon | 2edd93098d5c0107ec456baeba10ef565a43b1755cd92b04a162c68010c7199a | Triage

Sharing

General

Target

2edd93098d5c0107ec456baeba10ef565a43b1755cd92b04a162c68010c7199a
Size

52KB
MD5

22b5c1565846455b111521c38633c9a0
SHA1

487c9e3c719c697c1ffba53127f003e09cb2b355
SHA256

2edd93098d5c0107ec456baeba10ef565a43b1755cd92b04a162c68010c7199a
SHA512

3a600e038035a68da8252bd5b98b21195fd5b22bd68258c76880749ae10411580da9a7438ece0f82bb58904c45f8dc4e79f8e059b880dc58fcee9a0c600c90a1
SSDEEP

768:RWwtoXuUHKxI2zN5JjR2yAKJwA2+LVY3z5nNYJNqEzFqhseSex/x9yoOBMMq:RtoeUqu2/5AKJwAXmnNYJNZDFAOg/

Score

10^/10

48b666ccdcdf3511c5b4921dc5f7b868 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

48b666ccdcdf3511c5b4921dc5f7b868

C2

http://5.253.84.117/

rc4.plain

Signatures

Raccoon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_raccoon
Raccoon family
raccoon

Files

2edd93098d5c0107ec456baeba10ef565a43b1755cd92b04a162c68010c7199a
.exe windows x86

d24bd3ad7ee896b96a52568978d9c343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
LoadLibraryW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ