Behavioral task: behavioral1
Sample: 1964-132-0x0000000000400000-0x0000000000E83000-memory.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1964-132-0x0000000000400000-0x0000000000E83000-memory.exe
Resource: win10v2004-20221111-en
General
Target: 1964-132-0x0000000000400000-0x0000000000E83000-memory.dmp
Size: 10.5MB
MD5: 709bffff2b3cc5d857629f262586657e
SHA1: 6654d589493f96f7af3dace5c2aeadd1dfb423bb
SHA256: e462b66da403800245d1d7c599c41c835f17aa237f899ea0480010540fc41d19
SHA512: 56761e969216208a4b44872b0b9f63855f67ff86d91fb72e9bc0a56217e06e97b2f4866522902d02719878b14b75a5f2e220edde7c64df95232deef9f98c35d0
SSDEEP: 196608:+nIMvrnV/8kiv9t3zOqueaFjKOLaJJiSb4tlUVHQf6bSU5EuklXBAuFiti:+IYLjizOtjKOOJMXUVHQg7kj
Malware Config
Extracted
raccoon
4e27b39e9aaa6403f36702b4d66f5024
http://94.142.138.10/
http://94.142.138.9/
Signatures
Raccoon family
Files
1964-132-0x0000000000400000-0x0000000000E83000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.VG" Size: - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.|u9 Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.=uO Size: 6.5MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ