raccoon | 27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe
Size

55KB
MD5

7a2ef36c5dbf72b92b1adfb52e1e5426
SHA1

abe82a1405471258c72d031191846ea627f1c63c
SHA256

27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577
SHA512

e75cd32ffa838a7258d5804cc48c75174a03b573329ad531c497c2fbf4b42eb9eb5c68cd951a8100cb34a985490c18d572791226e068f8e3a832279d35130931
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDtANyCa:wwshK8yMexbW9vJVDtANs

Score

10^/10

493cd800ef7e79f58f8ff5358ddf39e3 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

493cd800ef7e79f58f8ff5358ddf39e3

C2

http://85.202.169.112/

Attributes

user_agent
record

rc4.plain

rc4.plain

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe

Files

27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe
.exe windows:6 windows x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ