raccoon | 1956-54-0x0000000000D90000-0x0000000001863000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1956-54-0x0000000000D90000-0x0000000001863000-memory.dmp
Size

10.8MB
MD5

7fca41c0726c05081b0ffa4e988e3960
SHA1

f3cb2634bd71a14731f519e3322230a27d8df75b
SHA256

7ac8da011e3287dfc131d29f59bd1496626b55d53fc8ee14346d9728154d93b4
SHA512

4ac107ab54871ecb3b35eaa271debbf096aa69c7da7b021ec625a0ca8299370ee7356182aaf94f1a9b79e1a46acafb03d2eacbcc703561a499ad70182f06d7e1
SSDEEP

196608:qCtQgg1z9s5q1ug8+lYscWgPLYRokn831cpf+iEj5K0fMJHs2Lg4b:qSQggl6U7KscLSoS01cpfoK0mbL

Score

10^/10

33517255a0ef9f5788ac22aca65a1b63 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

33517255a0ef9f5788ac22aca65a1b63

C2

http://23.229.117.245/

rc4.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Files

1956-54-0x0000000000D90000-0x0000000001863000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

./J
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

. y%
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.>4"
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ