raccoon | 51322e3471267349a562287242db3b45[.]bin

General

Target

51322e3471267349a562287242db3b45.bin
Size

46KB
MD5

9031e8bbb19db53ed3c6c86838724884
SHA1

b8d4c75c4260474249ffa0bf73251b4f87887937
SHA256

c9bab925c4e4894cf4c273d54d3a18862a76b4e6ab8bc639f1bd6226502e752d
SHA512

bb334ee43321367e5d81c2ab9f5a3c092d3a1f38c3382f6518c3972ffec0547c4ed1da53ff03a8d7369f635a3f308ba1c5d9f637bcbda2e8dc9f80e09cb6dd17
SSDEEP

768:Pg8fltJ7Nslh0v5OQg8llHkkJhO7nrVOb2wQhWet+hzPS8EkPXMtNge8xek:Pg8NtJZnv5OQg0xbO7nZwk+hz68f8Yey

Score

10^/10

706bb42023b3ce259823a09976b5d0db raccoon

Malware Config

Extracted

Family

raccoon

Botnet

706bb42023b3ce259823a09976b5d0db

C2

http://193.178.170.44:80/

Attributes

user_agent
SunShineMoonLight

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/9952affcabbccc681e03047df87b05548324026730cb851fd5c89387036d4cd8.exe	family_raccoon

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9952affcabbccc681e03047df87b05548324026730cb851fd5c89387036d4cd8.exe

Files

51322e3471267349a562287242db3b45.bin
.zip

Password: infected
9952affcabbccc681e03047df87b05548324026730cb851fd5c89387036d4cd8.exe
.exe windows:6 windows x86

Password: infected

0fcb7632c48018563e5af2f63681ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
LoadLibraryW
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rjev
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

0fcb7632c48018563e5af2f63681ece5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

rjev Size: 5KB - Virtual size: 8KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

rjev
Size: 5KB - Virtual size: 8KB