raccoon | 1236-54-0x0000000000400000-0x000000000091F000-memory[.]dmp

General

Target

1236-54-0x0000000000400000-0x000000000091F000-memory.dmp
Size

5.1MB
MD5

4463fd6442ad3ce7e1ff398238d4289f
SHA1

c2948ae5fb737d705f638c1367cf57e2a88702a1
SHA256

b6c588a09a8886e9f1d6ca62a463a9b70712886fd247f4191b33dc7a8ca595fa
SHA512

3a2a55ef92384246a181c49f6b0c35b9eb980f80c19d9a5afcfc8cc7877043c398d613e73b8e61383b5403770d672fa579a2c0f5b7281a1a4e53485d09662b86
SSDEEP

98304:yiElympfqBRQvVde8FivCeGDRsiScTXBgZrzyWGgRSL6O2jSk6adBNWuz+VRD0Mc:Z2y3YZFwAurmXBazEgRSSjS5aT1z+/DS

Score

10^/10

vmprotect 540b1db0b12b23e63e6942952aa03e47 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

540b1db0b12b23e63e6942952aa03e47

C2

http://45.9.74.36/

http://45.9.74.34/

Attributes

user_agent
B1D3N_RIM_MY_ASS

xor.plain

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1236-54-0x0000000000400000-0x000000000091F000-memory.dmp

Files

1236-54-0x0000000000400000-0x000000000091F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 184KB - Virtual size: 339KB

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 184KB - Virtual size: 339KB