Overview

overview

10

Static

static

10

3800-379-0...ry.exe

windows7-x64

1

3800-379-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3800-379-0x0000000000400000-0x000000000041D000-memory.dmp

  • Size

    116KB

  • MD5

    1dad6555c22fecdfbfd920b20db5875c

  • SHA1

    b600a18eb00e461f7fadbe21613646f4e41b9f2f

  • SHA256

    91acc4f9ca0e2fb0835ed1202067c7143a013aea5bc9e5b18dc81a4e5d59fca0

  • SHA512

    39dd39e6aa9d6e796c141d4c0224770a0981983c1b1edd7cd115712fc8e21c41d75406c6093db42de47c5bb10def4a307117b5ff9aefe3f108c4cb6c1872ff74

  • SSDEEP

    3072:eANfQKMuflyKX9FBFya6mob2l2L6RJ//5O:h0O9FBn6pb+BRJ/

Score
10/10
5e2505d8647542f05843f89ae7cd18e7raccoon

Malware Config

Extracted

Family

raccoon

Botnet

5e2505d8647542f05843f89ae7cd18e7

C2

http://128.140.101.125:80/

Attributes
  • user_agent

    SunShineMoonLight

xor.plain

Signatures

  • Raccoon Stealer payload 1 IoCs
  • Raccoon family
    raccoon
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3800-379-0x0000000000400000-0x000000000041D000-memory.dmp
    .exe windows:6 windows x86


    Headers

    Sections