Behavioral task behavioral1
- Sample: 88307a7799df42354f1268e934dfe62d409f4f9637a92927b6e07661e90d4e2b.exe
- Resource: win7-20220812-en

Behavioral task behavioral2
- Sample: 88307a7799df42354f1268e934dfe62d409f4f9637a92927b6e07661e90d4e2b.exe
- Resource: win10v2004-20220812-en
General
- Target: 88307a7799df42354f1268e934dfe62d409f4f9637a92927b6e07661e90d4e2b.bin
- Size: 7.4MB
- MD5: 7ef4644fdf4462ecf166e14ada12f71f
- SHA1: 9c3970ab1ad55a7190de4b7485bcdf68f06d3679
- SHA256: 88307a7799df42354f1268e934dfe62d409f4f9637a92927b6e07661e90d4e2b
- SHA512: a65769ea14232c128f6459b59eee2972bb85c0ceb1caa3538ca5342f0c2ee656e1969c9bd5c7db84c2b271ab8f5783d6cc0b938be242caee91c2073521556161
- SSDEEP: 196608:p6RhFPeuShkJ7b0YHUs63/onLEWSkbcxS:pluSkQKUsuonLhS4kS
Malware Config
Extracted
- Family: raccoon
- ae32994aeb6e4d5535e47ed3fcaaf350
- URL: http://62.113.255.110/
- URL: http://188.215.229.203/

Signatures
- Raccoon family
Files
- 88307a7799df42354f1268e934dfe62d409f4f9637a92927b6e07661e90d4e2b.bin.exe (windows x86) 0c8702090f96587df3ef3cf88157ac42

Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

Imports
- kernel32: FreeLibrary, GetSystemTimeAsFileTime, LocalAlloc, LocalFree, GetModuleFileNameW, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress
- advapi32: GetUserNameW
- user32: CharUpperBuffW

Exports
- (none)

Sections
Name     Size    Virtual size  Characteristics
.text    41KB    41KB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata   6KB     6KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    512B    5KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ieg     4.0MB   4.0MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.a-.     1024B   884B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.aCb     3.3MB   3.3MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc   13KB    12KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc    17KB    16KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
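The section table and import list above are the parts of this report worth reading closely. Three sections with non-standard names (.ieg, .a-., .aCb) account for almost all of the 7.4MB, two of them flagged as executable code, while the import table is tiny and contains LoadLibraryA and GetProcAddress: the layout of a packed or crypted stub that unpacks its payload and resolves its real API set at runtime. The script below is an added example, not part of the sandbox report and not Raccoon or sandbox tooling. It builds a header-only PE32 whose section table mirrors the layout listed above (constructed data, not the real sample), parses it with struct, and applies those triage heuristics; the KNOWN_SECTIONS list and the import-count threshold are the author's assumptions, and the hash helper is there so the same script can be pointed at a real file and compared with the General block.

```python
import hashlib
import struct

# Flag values from winnt.h.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100

# Assumption: section names a conventionally linked PE32 is expected to carry.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".gfids"}

CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RDATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
DATA = RDATA | IMAGE_SCN_MEM_WRITE

# Constructed test data: (name, raw size, virtual size, characteristics) taken
# from the Sections block of the report. Only headers are built; no section
# bodies exist in the constructed image.
REPORT_LAYOUT = [
    (".text", 41 * 1024, 41 * 1024, CODE),
    (".rdata", 6 * 1024, 6 * 1024, RDATA),
    (".data", 512, 5 * 1024, DATA),
    (".ieg", 4 * 1024 * 1024, 4 * 1024 * 1024, CODE),
    (".a-.", 1024, 884, DATA),
    (".aCb", 3300 * 1024, 3300 * 1024, CODE),
    (".reloc", 13 * 1024, 12 * 1024, RDATA),
    (".rsrc", 17 * 1024, 16 * 1024, RDATA),
]
REPORT_FILE_CHARS = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
REPORT_DLL_CHARS = (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
REPORT_IMPORTS = {  # Imports block of the report
    "kernel32": ["FreeLibrary", "GetSystemTimeAsFileTime", "LocalAlloc", "LocalFree",
                 "GetModuleFileNameW", "ExitProcess", "LoadLibraryA", "GetModuleHandleA",
                 "GetProcAddress"],
    "advapi32": ["GetUserNameW"],
    "user32": ["CharUpperBuffW"],
}


def build_header_only_pe(layout, file_chars, dll_chars):
    """DOS header + PE signature + COFF header + PE32 optional header + section table."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # e_lfanew -> PE signature
    opt = bytearray(224)                                   # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)             # DllCharacteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), file_chars)
    raw_ptr = e_lfanew + 4 + len(coff) + len(opt) + 40 * len(layout)
    vaddr, table = 0x1000, b""
    for name, raw, virt, chars in layout:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), virt, vaddr, raw,
                             raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += raw
        vaddr += (max(raw, virt) + 0xFFF) & ~0xFFF         # next 4 KiB-aligned RVA
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the COFF header, PE32 DllCharacteristics and the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    sections = []
    for i in range(nsec):
        name, virt, _, raw, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": virt, "raw_size": raw, "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "sections": sections}


def triage_findings(pe, imports):
    """Packer/crypter heuristics applied to the parsed headers and the import list."""
    findings = []
    for s in pe["sections"]:
        flags = s["characteristics"]
        if s["name"] not in KNOWN_SECTIONS:
            findings.append(f"non-standard section name {s['name']!r}")
        if flags & IMAGE_SCN_MEM_EXECUTE and s["name"] != ".text":
            findings.append(f"executable code outside .text: {s['name']} ({s['raw_size'] // 1024} KB)")
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"writable and executable section {s['name']}")
    names = {fn for fns in imports.values() for fn in fns}
    if {"LoadLibraryA", "GetProcAddress"} <= names and len(names) < 20:   # threshold is an assumption
        findings.append(f"tiny import table ({len(names)} imports) with LoadLibraryA/GetProcAddress: "
                        "APIs are likely resolved at runtime")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("NX_COMPAT not set")
    return findings


def file_hashes(data):
    """MD5/SHA1/SHA256 of a buffer, for comparison with the General block of a report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def sample_image():
    return build_header_only_pe(REPORT_LAYOUT, REPORT_FILE_CHARS, REPORT_DLL_CHARS)


if __name__ == "__main__":
    pe = parse_pe(sample_image())
    for finding in triage_findings(pe, REPORT_IMPORTS):
        print("-", finding)
```

Against the constructed image the heuristics report the three unusual section names, the two executable sections outside .text and the small LoadLibraryA/GetProcAddress import set, which is the same conclusion a reader draws from the report by hand; on a real file, read it into bytes, call parse_pe and file_hashes on the buffer, and the import dictionary has to come from a proper import-directory parser (the script takes it as input rather than parsing that directory).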