raccoon | 8f6b75483f74b4bea49f60a4e537c1cfb03f4ad594a3f79787104a668a9ed0e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f6b75483f74b4bea49f60a4e537c1cfb03f4ad594a3f79787104a668a9ed0e4
Size

85KB
MD5

44b150e993dfd18285127bdf3b2195bb
SHA1

26fd6b3cc2f4dcdc16cb404d1bef99e11a7ee8a4
SHA256

8f6b75483f74b4bea49f60a4e537c1cfb03f4ad594a3f79787104a668a9ed0e4
SHA512

8d86a899789ec5a0cb65d511d077187a2e6a7c04dcb384941e2c1a1fc50da0aff889cdff031876dcb5aa7e2f0402c9236290b7de011351bc856b256c504d21aa
SSDEEP

1536:ORLNQIfcBuof7xJPYuPfwO3dL7C5aq5v+E/LtRWIOQA3zMo7BlKdH/K:CLN3Iuof7TY44O3dL71KRRzOvjfOdH/K

Score

10^/10

infostealer_generic raccoon

Malware Config

Signatures

Raccoon Stealer payload 1 IoCs

resource	yara_rule
sample	family_raccoon

Raccoon family
raccoon

Find unpacked information stealer based on possible SQL query to retrieve broswer data 1 IoCs

Detects infostealer.

infostealer_generic

resource	yara_rule
sample	infostealer_generic_browser_sql

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f6b75483f74b4bea49f60a4e537c1cfb03f4ad594a3f79787104a668a9ed0e4

Files

8f6b75483f74b4bea49f60a4e537c1cfb03f4ad594a3f79787104a668a9ed0e4
.exe windows:6 windows x86

52fcc5c1bcda70fa4759c08995c5a5fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
ReleaseSemaphore
OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
GetProcAddress
CloseHandle
ResetEvent
CreateWaitableTimerA
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
SetEvent
LoadLibraryA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cug
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE