raccoon | tmp | Triage

Sharing

General

Target

tmp
Size

97KB
MD5

27f6ac34a792076fe891aaf3957f2cfe
SHA1

34fe49c23fc193dff0ae15e6ff9706dec3e587ec
SHA256

864ac7b76a3f8b2364a4f840a7b51d66a03c9811cf3832940ab241767b32c8ad
SHA512

a14bf42054572afd9fabea2d8f8e27b329ced1300f3237a453484c06af45dc0941effc458d7e877b79a30c3cd00fcb0315d3c732096e140cdac985c0705ad973
SSDEEP

3072:VANfQKMuflyKX9FBFya6mob2lRL6RJ//5O:60O9FBn6pb+URJ/

Score

10^/10

ca77ed9f61111863e1aeb2022d5f0cbf raccoon

Malware Config

Extracted

Family

raccoon

Botnet

ca77ed9f61111863e1aeb2022d5f0cbf

C2

http://77.91.76.14:80

Attributes

user_agent
SunShineMoonLight

xor.plain

Signatures

Raccoon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_raccoon
Raccoon family
raccoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

tmp

Files

tmp
.exe windows:6 windows x86 arch:x86

0fcb7632c48018563e5af2f63681ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
SetEvent
LoadLibraryA
ReleaseSemaphore
LoadLibraryW
ResetEvent
CreateWaitableTimerA
GetProcAddress
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
CloseHandle
FindFirstFileA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE