raccoon | 51322E3471267349A562287242DB3B45[.]exe | Triage

Sharing

General

Target

51322E3471267349A562287242DB3B45.exe
Size

102KB
MD5

51322e3471267349a562287242db3b45
SHA1

6870bd7b87ee39339072770ee19b7ab24911dfd9
SHA256

9952affcabbccc681e03047df87b05548324026730cb851fd5c89387036d4cd8
SHA512

0753c4ef1f68db4d110c6803cf8ff78be06329f34b3f97b974cef34a33dde683f35448342e7a92caceaf46b13696df370203d3fdc09989f94c2d0c2277514d84
SSDEEP

3072:zANfQKMuflyKX9FBFya6mob2lsL6RJ//5OU:k0O9FBn6pb+DRJ/j

Score

10^/10

706bb42023b3ce259823a09976b5d0db raccoon

Malware Config

Extracted

Family

raccoon

Botnet

706bb42023b3ce259823a09976b5d0db

C2

http://193.178.170.44:80/

Attributes

user_agent
SunShineMoonLight

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51322E3471267349A562287242DB3B45.exe

Files

51322E3471267349A562287242DB3B45.exe
.exe windows:6 windows x86

0fcb7632c48018563e5af2f63681ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
LoadLibraryW
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rjev
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE