raccoon | 780-54-0x0000000000D00000-0x0000000001786000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

780-54-0x0000000000D00000-0x0000000001786000-memory.dmp
Size

10.5MB
MD5

a1dc4707be421d5967243db349e9afdb
SHA1

8199ab305ac8a2a25b0a0d170bb2f0b5dddec553
SHA256

65eba58f241b0e02f674f26dd43bc31b181fe41b1da8bd58b705cff757f59536
SHA512

5a860d5c0d48adcecdd8074ab350148363730975ab157b910b07535c15ffafea836d08613be0b825335c3b2447444baef413e3c54451715406570e492660d624
SSDEEP

196608:1B6YpkhmCCH0yPDFqrKbkRybtJrqOmYDWmQc7hwLHgWac+yX/BAoxmM2p9x0J9:1B6Yp8mCCHXPRKKwRyb7rqOYoh4AgFXF

Score

10^/10

b3e62a345d90ee80b30dcc988ddc399f raccoon

Malware Config

Extracted

Family

raccoon

Botnet

b3e62a345d90ee80b30dcc988ddc399f

C2

http://51.195.166.185/

rc4.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Files

780-54-0x0000000000D00000-0x0000000001786000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

. ^q
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?BJ
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dn|
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ