raccoon | Setup[.]exe | Triage

Sharing

Reason

too many matches

General

Target

Setup.exe
Size

465.5MB
MD5

ad0fa47472a35628dccde2ac28f21386
SHA1

cf086fb5dfd0862a05e140aef13fd0aa2f4ed9da
SHA256

cb12b26a8d450e3f20955430b9aff68f30bcb845065660fb51eee4cf42b92b00
SHA512

ae033d7be724cd712b24498c64f047b3e9ed1b8238522a090b3654fc393f8bbb9d350a1daea72084f13d47e7c0d4c16f38f03d0bdc453c66a9841a9947084f3b
SSDEEP

24576:0eWEQohpu0d6IfVOQqTdOEabxzJly+cktH/MQZP8LX5QTQ5z8SMg+yF3OGf8O9Cr:pHmdM8p5YL9JVD

Score

10^/10

themida raccoon

Malware Config

Signatures

Raccoon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_raccoon
Raccoon family
raccoon
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Setup.exe

Files

Setup.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE