raccoon | 17b1136d12dfe2c774f4e4c0e86d1fff[.]bin

General

Target

17b1136d12dfe2c774f4e4c0e86d1fff.bin
Size

39KB
MD5

a91e066e1d039ccf63a5d9442430a77c
SHA1

6951a104ea38105f5401f42afcd0f5b92c158c98
SHA256

9b37a105c2433dacf99ec90d208b1e7f555d2ebf92c57ebd618e4b27488f1b00
SHA512

34e7d8dec62fd8ff716a85f0a316831dc48535cc85604569deef3bb041ecdc79b4c238c30942ece7c1c8124f43923b3300a31b913200fde1f73e97871f3248d2
SSDEEP

768:HBJJlLxuxZ2ESW9d3PuP7Vta5Nn+50x24A4agd2c0jcZhs96NLd5d:HL4Z2pOhIa5Nn+5GTA4OcrsQNL1

Score

10^/10

ae10bcb793f8a68322201f142e7c4a14 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

ae10bcb793f8a68322201f142e7c4a14

C2

http://91.103.252.52:80

http://91.103.252.50:80

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/ce96e10fef8c98b8500c90f5fd844030355c22d66aa37a43cbebd48659bccfcd.exe	family_raccoon

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ce96e10fef8c98b8500c90f5fd844030355c22d66aa37a43cbebd48659bccfcd.exe

Files

17b1136d12dfe2c774f4e4c0e86d1fff.bin
.zip

Password: infected
ce96e10fef8c98b8500c90f5fd844030355c22d66aa37a43cbebd48659bccfcd.exe
.exe windows x86

Password: infected

9a4ec0dad65bdd0dc1e6a802e6362fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ykbn
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

9a4ec0dad65bdd0dc1e6a802e6362fd0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 1KB

ykbn Size: 5KB - Virtual size: 8KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 1KB

ykbn
Size: 5KB - Virtual size: 8KB