General
-
Target
Poste_2_3_14
-
Size
45KB
-
MD5
f1956c75f166c4761b44bd53a9c5e8d4
-
SHA1
41e1f4017fcd5d2c4776cefe92427cfbca450ac3
-
SHA256
30fd61d69f3838b6197c556bbd5f3568bb257a576119d3a32d43df324565b7cc
-
SHA512
94c05414dbec1b2f18f03d3ff79b18dad1d5705b88a9df0c718a01fdfdf392c74429a40802f66d071dcd5dad6ed50e8df34be3945c6bf3d8863f22ff0fb401f0
-
SSDEEP
768:fYPPSKamkJRHohe+ZjdFCR6K8CHqzzQPOWtNycRYzWppCCYDxdpZh2hsryVPNZ6P:w34JRIgmdFqZmzc2W/ymYq9YDrpnrgYO
Malware Config
Extracted
raccoon
5af94340eb260dc0fdec808e00cd2757
http://185.193.125.199:8787
-
user_agent
SunShineMoonLight
Signatures
-
Raccoon Stealer payload 1 IoCs
resource yara_rule static1/unpack001/out.upx family_raccoon -
Raccoon family
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource Poste_2_3_14 unpack001/out.upx
Files
-
Poste_2_3_14.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 68KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE