raccoon | 2932-0-0x0000000000400000-0x0000000002004000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2932-0-0x0000000000400000-0x0000000002004000-memory.dmp
Size

28.0MB
MD5

f9936c7229747a183da618f6daa997aa
SHA1

2480a7f6649c3927c199a3ef5e5844667827e40b
SHA256

8eb237f2290671e258841e095155881dd11c5b81a7d13660bfed463a3974fda3
SHA512

bd85bb04c8a511f724673fe16d1ab36943a70696688caefc4348a836f4d2da968d4c9a014ba8cb8fce1f7c1e487b225424866189aaec88f1c9f8275c08b21b99
SSDEEP

786432:vfSnLvNbWx4T9m2SmwDIMSVBwMf9Hjv3sBTm0g:H8m4T02SEH5v3eSL

Score

10^/10

raccoon

Malware Config

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2932-0-0x0000000000400000-0x0000000002004000-memory.dmp

Files

2932-0-0x0000000000400000-0x0000000002004000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls1
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls2
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ