raccoon | a02[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a02.exe
Size

6.0MB
MD5

7aa1b586401a170e3326782cce367025
SHA1

2ef37a3ecd522e5f954fca4eae4eb2c75bf155eb
SHA256

249ef6343e3a6316852abefe7c73400b57ff7204a05ff46011a00847ba52053e
SHA512

3e674e6c80f725ce6cb785089e9dd7e14961f6e32c6305b73baa945c7572b4857af2fb406df9f6c4632b1cb1ebb5ffdbf5173ee98d0c5678ddfc94f8d5f8cd60
SSDEEP

98304:2pReUPZtlw98TK6xFlbX6ujDqb2lyMJA1VHByvPk2xGtrNZMHQr8dFh5dQ5:N4Nwz6rlKu6bYfJApYk2cJAQwd5C

Score

10^/10

��3p�op2pq�?��ɗ38p�/��=n~p��[p�ߟ��]uop��raccoon

Malware Config

Extracted

Family

raccoon

Botnet

��3p�OP2pq�?��ɗ38p�/��=N~p��[p�ߟ��]Uop��;�

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_raccoon
Raccoon family
raccoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

a02.exe

resource	yara_rule
sample	family_raccoon

resource
a02.exe

Files

a02.exe
.exe windows x86

9f8af27f520ea359d999bd8cba16dec6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameA
WinExec
CloseHandle
WideCharToMultiByte
WriteFile
GetSystemTime
ReadFile
FlushFileBuffers
GetFileTime
GetLastError
SystemTimeToFileTime
CreateFileA
GetTempPathA
Sleep
CreateMutexA
ExitProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

crypt32

CryptStringToBinaryA
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertGetCertificateContextProperty

winhttp

WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpReadData
WinHttpSendRequest

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 484KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9f8af27f520ea359d999bd8cba16dec6

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

crypt32

winhttp

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.data Size: 484KB - Virtual size: 489KB

.rsrc Size: 4KB - Virtual size: 600B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 484KB - Virtual size: 489KB

.rsrc
Size: 4KB - Virtual size: 600B