raccoon | 1748-57-0x0000000000400000-0x00000000016F2000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1748-57-0x0000000000400000-0x00000000016F2000-memory.dmp
Size

18.9MB
MD5

898bf256fd744b9a4d51d5720846d5c5
SHA1

4cd14cc88b21f024b20497fcfd23a32dcc344905
SHA256

d738c4d45e529169a2b55a6cf7117cd84db22d7b7bcd3078fde8306b6e2304ef
SHA512

cbc48b120358f0690056251fd8d4b631008b08e6bfde121d5dcac1d487c82d187adf28f85607c7fb6402081f4b211cba0caee24fdaf56f39932331eb17183f7c
SSDEEP

393216:CN4SQfSoLRVCUFb82s5R74vs+pJE2P1efa8KaKd3HtK/itFNPEJ:CN4t7o8lq2ofXKaKR8qDNEJ

Score

10^/10

091ee05eafd24e97a5ef6c9e06f96448 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

091ee05eafd24e97a5ef6c9e06f96448

C2

http://94.142.138.107/

xor.plain

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1748-57-0x0000000000400000-0x00000000016F2000-memory.dmp

Files

1748-57-0x0000000000400000-0x00000000016F2000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h)r
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.]:.
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T;x
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ