raccoon | 1624-57-0x0000000000400000-0x0000000001530000-memory[.]dmp

General

Target

1624-57-0x0000000000400000-0x0000000001530000-memory.dmp
Size

17.2MB
MD5

dcda5757b0075ca5f9a8f4c5bb38d937
SHA1

c88306ef6bd5e6076e6a25a8400f1f08624b06f3
SHA256

345098098a51a54d820fd387071e3b53f6772db861b90dc4e77c02935eaa0b74
SHA512

ad936b4a81441546c75c483211c937591deb9fd9e333e989ca7b73e354a0caa7f6df6d63294c209488ce80fcf6fc69319b1a918312eae76852d5414b69271eca
SSDEEP

393216:GvXCi293xbva3yefUkTsfpgnXRprnBMDZbuUweYzmBMm9mDW4N:O0dvatgfpgXRpNwZbuNz2Mm9t4N

Score

10^/10

cb48012fbfeee19d22811e9062518880 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

cb48012fbfeee19d22811e9062518880

C2

http://5.252.118.139/

http://85.192.63.185/

Attributes

user_agent
B1D3N_RIM_MY_ASS

xor.plain

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1624-57-0x0000000000400000-0x0000000001530000-memory.dmp

Files

1624-57-0x0000000000400000-0x0000000001530000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.`(B
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HSN
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Y{U
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.`(B Size: - Virtual size: 7.0MB

.HSN Size: 1024B - Virtual size: 884B

.Y{U Size: 9.6MB - Virtual size: 9.6MB

.rsrc Size: 471KB - Virtual size: 470KB

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.`(B
Size: - Virtual size: 7.0MB

.HSN
Size: 1024B - Virtual size: 884B

.Y{U
Size: 9.6MB - Virtual size: 9.6MB

.rsrc
Size: 471KB - Virtual size: 470KB