raccoon | 4a68c09a2e48193430b9b0c7a88c7b0d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a68c09a2e48193430b9b0c7a88c7b0d.exe
Size

85KB
MD5

4a68c09a2e48193430b9b0c7a88c7b0d
SHA1

2828c937ced4de279d8c8ccf163891dcc81ad057
SHA256

34a74095cc9ddabe70e50a3dfaf54ba404db34e18e12270ff6afe8281b46b744
SHA512

e5be8db54a39b88cbfcc56ec13e12c3bc6c0b5ecc09a24590cc92777b06684b9895661ec4fc9d5022542bbd1a58836fce27e7d05d33f8fc2813076d4a7c8ccf2
SSDEEP

1536:4MDtfn4xngxeMcBWaiUTyBS4/HXdS34WgPhZIK4wfAet27B8FnQ2XxublGrDwT:bBfnbROWai0yBS4/Z55x4iAV7m5rXxup

Score

10^/10

7fee208ec99dff86f108d1721498b551 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

7fee208ec99dff86f108d1721498b551

C2

http://91.103.252.249:80/

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a68c09a2e48193430b9b0c7a88c7b0d.exe

Files

4a68c09a2e48193430b9b0c7a88c7b0d.exe
.exe windows x86

9a4ec0dad65bdd0dc1e6a802e6362fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ