raccoon | 98DBC861F6CC57691DB74376586791E5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98DBC861F6CC57691DB74376586791E5
Size

108KB
MD5

98dbc861f6cc57691db74376586791e5
SHA1

171006bef430e2f5f71aeb998c82ac2036226d8e
SHA256

56f0df67a1ec29ec545d08403be6146454eaf4cd4ed4737a5f3d8e2267c7e65a
SHA512

9f85af8465c0855cecd481554cf12a268f8643f61333f390857248179b01bf49337bf8971baf4b64ac8fde5ed7a5026c86710d9143087d11ec4ac2ba511715a9
SSDEEP

3072:6EfIr0usN5rtB+U7ITo+StFTElFDYpcO:6yttI0PtWf

Score

10^/10

f2207cc6984622b8485f5089d6ca4069 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

f2207cc6984622b8485f5089d6ca4069

C2

http://5.78.81.39:8088/

Attributes

user_agent
GeekingToTheMoon

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98DBC861F6CC57691DB74376586791E5

Files

98DBC861F6CC57691DB74376586791E5
.exe windows:6 windows x86

0fcb7632c48018563e5af2f63681ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
LoadLibraryW
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE