General

  • Target

    3024-61-0x0000000000400000-0x000000000084F000-memory.dmp

  • Size

    4.3MB

  • MD5

    b1d84e7097e0c05982497a4f03bd1804

  • SHA1

    af3684c14b1f9b0bd23adda83eaa3bfb2b70ae2f

  • SHA256

    bf0c79e9594e5f52d80ed3a6f1e3d5607534a1f91b1a2482f72810d084dc0df7

  • SHA512

    f33ed5d5752d20dd3b12fc4030ad63ffbba4e12f1fc32a84d1f1c0e4142dd9c13fad3e0b5894ef020b5c14e567b90483d621c2862d4c7df7cd51d40d8ec46cb2

  • SSDEEP

    3072:9PI6GWpeVsXCLMrxbQrpuFqHsGFiBEE6NbmM+M6FRR+fgN:9P8WwesMrJQrpmVEiUyMms

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    02715ba03fc9d768ba977c72db990ef6

  • C2

    http://193.233.132.30:80/

  • Attributes
    • user_agent

      MrBidenNeverKnow

    • xor.plain

Signatures

  • Raccoon Stealer V2 payload (1 IoC)
  • Raccoon family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3024-61-0x0000000000400000-0x000000000084F000-memory.dmp
    .exe windows:6 windows x86 arch:x86