Behavioral task
behavioral1
Sample
49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf.exe
Resource
win10v2004-20230220-en
General
-
Target
49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf.zip
-
Size
361KB
-
MD5
bf2b93aa25b383160436521abc112b55
-
SHA1
8a985429ed73c162288c54b5a6e6e66f4f29fa56
-
SHA256
4720bb74fb59d088232fe8562ea606587b4ae627b4f79e000beacbea3b2a5fbe
-
SHA512
a87260e34f082e8fb8c0547f294eefbfa8ba30f5269c70cd9c1b31614ea2ab553a66d848a7b0d70cebba4f9cf6ffa09a5a9e98eb83673a780a500baf98110e96
-
SSDEEP
6144:pZclLUUlRL1fSktejEF3/iOMqWd+MDnDxKjU7ylR/xh9lIKQLpcUE0SBTb4smTRK:pZALU+xaXjKaOb0hDnDKUWr4K1UE0SNd
Malware Config
Extracted
raccoon
Signatures
-
Raccoon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf
Files
-
49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf.zip.zip
Password: infected
-
49193e765c9727f928acf97b6ed0c16ebbc107d80c393e91a7a57fde675b10bf.exe windows x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 428KB - Virtual size: 428KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ