General

  • Target

    Poste_2_3_14

  • Size

    45KB

  • MD5

    f1956c75f166c4761b44bd53a9c5e8d4

  • SHA1

    41e1f4017fcd5d2c4776cefe92427cfbca450ac3

  • SHA256

    30fd61d69f3838b6197c556bbd5f3568bb257a576119d3a32d43df324565b7cc

  • SHA512

    94c05414dbec1b2f18f03d3ff79b18dad1d5705b88a9df0c718a01fdfdf392c74429a40802f66d071dcd5dad6ed50e8df34be3945c6bf3d8863f22ff0fb401f0

  • SSDEEP

    768:fYPPSKamkJRHohe+ZjdFCR6K8CHqzzQPOWtNycRYzWppCCYDxdpZh2hsryVPNZ6P:w34JRIgmdFqZmzc2W/ymYq9YDrpnrgYO

Malware Config

Extracted

Family

raccoon

Botnet

5af94340eb260dc0fdec808e00cd2757

C2

http://185.193.125.199:8787

Attributes
  • user_agent

    SunShineMoonLight

xor.plain

Signatures

  • Raccoon Stealer payload 1 IoCs
  • Raccoon family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.
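The two generic signatures above are cheap header checks that can be reproduced outside the sandbox. The following is an added example, not the sandbox's own detection logic and not code from this report: it parses the PE headers with nothing beyond the Python standard library, flags UPX-style section names and the absence of a security data directory, and builds a minimal constructed PE32 image for testing (the helper names `build_sample_pe` and `analyze_pe` are assumptions for this example; the generated image is inert test data, not the sample listed above).

```python
import struct

# Offset of the data-directory array inside the optional header, keyed by magic.
_DATA_DIR_OFFSET = {0x10B: 96, 0x20B: 112}   # PE32, PE32+
_IMAGE_DIRECTORY_ENTRY_SECURITY = 4           # WIN_CERTIFICATE (Authenticode) entry


def build_sample_pe(upx_sections: bool, signed: bool) -> bytes:
    """Construct a minimal, non-runnable PE32 image for testing (constructed data, not real malware)."""
    names = [b"UPX0", b"UPX1", b".rsrc"] if upx_sections else [b".text", b".rdata", b".rsrc"]
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x0102)  # i386, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:
        # Security directory holds a *file offset* and size of the certificate blob.
        struct.pack_into("<II", opt, 96 + 8 * _IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x200)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def analyze_pe(data: bytes) -> dict:
    """Return section names, a UPX section-name hit, and whether a security directory is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = _DATA_DIR_OFFSET[magic]          # KeyError on an unknown optional-header magic
    num_dirs = struct.unpack_from("<I", data, opt + dir_off - 4)[0]
    cert_size = 0
    if num_dirs > _IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, opt + dir_off + 8 * _IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt + size_opt
    names = []
    for i in range(num_sections):
        raw = struct.unpack_from("<8s", data, sec_table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "sections": names,
        # Name-based UPX check: stock UPX uses UPX0/UPX1; modified builds rename them.
        "upx_packed": any(n.upper().startswith("UPX") for n in names),
        # Presence of a certificate blob only; this does not validate the signature chain.
        "has_authenticode": cert_size > 0,
    }


if __name__ == "__main__":
    print(analyze_pe(build_sample_pe(upx_sections=True, signed=False)))
    print(analyze_pe(build_sample_pe(upx_sections=False, signed=True)))
```

Two caveats match the wording of the signatures. The section-name test only catches stock UPX; a "modified UPX" build that renames its sections needs an entry-point stub match instead, which is what the sandbox rule is describing. And a non-empty security directory is not a valid signature: it says a WIN_CERTIFICATE blob is attached, so a sample that passes this check still needs its chain verified (for example with signtool or osslsigncode) before it is treated as signed.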

Files

  • Poste_2_3_14
    .exe windows:6 windows x86
  • out.upx
    .exe windows:6 windows x86