Overview

overview

10

Static

static

10

1520-54-0x...ry.exe

windows7-x64

1520-54-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1520-54-0x0000000000400000-0x000000000091F000-memory.dmp

  • Size

    5.1MB

  • MD5

    752661aa1e17fa76c53a5883c97220c2

  • SHA1

    086f137aeb1c90cc0e0a56adc6f26374994867f9

  • SHA256

    375e1e09547898807822d4f56b15d2570481ec38597d48290e05678d50c96421

  • SHA512

    62c933cbb4806d8314294070b8afcbc7a25ff4aebaeecc8bef8628cfe900ef543f1820fa37266b747ffed0acd0c3047f27b12bd406098b1de2c5be91f229a492

  • SSDEEP

    98304:ui8lLmpXqZYQvVde8FivCeGDRsiSc7XBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0Mc:s26uYZFwAurmXBazEgRSSjS5aT1z+/DS

Score
10/10
vmprotect540b1db0b12b23e63e6942952aa03e47raccoon

Malware Config

Extracted

Family

raccoon

Botnet

540b1db0b12b23e63e6942952aa03e47

C2

http://45.9.74.36/

http://45.9.74.34/
rc4.plain

Signatures

  • Raccoon family
    raccoon
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect

Files

  • 1520-54-0x0000000000400000-0x000000000091F000-memory.dmp
    .exe windows x86


    Headers

    Sections