raccoon | CI_Launcher(beta)[.]zip

General

Target

CI_Launcher(beta).zip
Size

6.8MB
MD5

2e37091ea956c1e00538dc3394fd0aa3
SHA1

26d9bd269fa8d7a97c27579d0269d87004a20d9f
SHA256

c0161ea7df97f6bdd3c12b89c0d2a1c45aaf2e9bef525ae236b702c05cc165c5
SHA512

4d25f69ecaaaa942ab283ec971456ea0e8fbd5d6a456b69555b51e2726a46e4c87a58a96fca993017b382230616d41ab4bfcee94fd558473f4bfeaee6939330d
SSDEEP

98304:Q0/sVHVdTk1CPTrMJEZp0o7B62x5X9XdMWmY1B+E7z+sGbAvfP7BeY1qs:nWTTkIPT4+GK5X1dMib7zibAvfLp

Score

10^/10

4278ff881fb479c62e116f5ce679e6fa raccoon

Malware Config

Extracted

Family

raccoon

Botnet

4278ff881fb479c62e116f5ce679e6fa

C2

http://45.153.240.247/

rc4.plain

Signatures

Raccoon family
raccoon

Files

CI_Launcher(beta).zip
.zip

Password: island8
CI_Launcher(beta)/Coral_Island_Launcher.exe
.exe windows x86

Password: island8

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

user32

CharUpperBuffW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grwgb0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.grwgb1
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grwgb2
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: island8

Password: island8

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

user32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.grwgb0 Size: 3.3MB - Virtual size: 3.3MB

.grwgb1 Size: 1024B - Virtual size: 872B

.grwgb2 Size: 2.8MB - Virtual size: 2.8MB

.rsrc Size: 358KB - Virtual size: 357KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.grwgb0
Size: 3.3MB - Virtual size: 3.3MB

.grwgb1
Size: 1024B - Virtual size: 872B

.grwgb2
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 358KB - Virtual size: 357KB