raccoon | 2160-3-0x0000000000400000-0x0000000000F93000-memory[.]dmp

General

Target

2160-3-0x0000000000400000-0x0000000000F93000-memory.dmp
Size

11.6MB
MD5

6809ca8749c2e0ae95f66b54a427de0b
SHA1

e603f35fa9e9b7ba50ff8e01ca7fdc5949b095e1
SHA256

bacbf2a7b721add621e60370085bf01c21eebf115eb7ce46dc3a8d5838174399
SHA512

ca46820f5bffd29fe176910a505ec9fd4d3e5dd31cb7ee094b7399a9ab00b3ae9e71dcc7c0322665d7bd786c2fa3cd97922349de849860d7c56643b801935819
SSDEEP

196608:3nMN1g1trKqtzq0DB2g7pLEFpmKU66BYVyr4nV7+Crxi0Ur9T:XRuqtxDZ7pLEpmBTBYsr41Y0K9

Score

10^/10

themida 87f528fdf77d01f9fa643940cd3d2289 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

87f528fdf77d01f9fa643940cd3d2289

C2

http://5.45.85.201:80/

Attributes

user_agent
GeekingToTheMoon

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2160-3-0x0000000000400000-0x0000000000F93000-memory.dmp

Files

2160-3-0x0000000000400000-0x0000000000F93000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 34KB - Virtual size: 72KB

Size: 15KB - Virtual size: 22KB

Size: 512B - Virtual size: 1KB

.rsrc Size: 356KB - Virtual size: 355KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 356KB - Virtual size: 355KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 4.7MB - Virtual size: 4.7MB