General

  • Target: 3096-140-0x0000000000400000-0x000000000041F000-memory.dmp
    (a dumped process memory region, PID 3096, range 0x400000-0x41F000, not a file
    from disk; 0x400000 is the default x86 image base and the range spans
    0x1F000 = 126,976 bytes, which matches the 124KB size below)
  • Size: 124KB
  • MD5: 4c353bf8db3bf4b48e8fc3f77a65b0a6
  • SHA1: 0c5d6fddccb607726097e7c3374b1b140fee2064
  • SHA256: fb40f8b7e7e9616a1c28fc2ccd7d3f665a5f5e987f260e89d4b157d557fee90f
  • SHA512: b698bd6c89ed108ca4d4ff085ead838791d650a3d1ca607a8b91e33ed28f2a45aab165f35248775c8c4ce4228f63104df10c432bda619fa947b442d59fa0b4c9
  • SSDEEP: 1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g

Malware Config

  • Extracted
    • Family: raccoon
    • Botnet: 80d70b6c10dd99963cfe4382232cb920
    • C2: http://94.142.138.213/
    • Attributes
      • user_agent: B1D3N_RIM_MY_ASS
      • xor.plain
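The two network-visible values in the extracted config, the C2 URL and the hard-coded User-Agent, are what a detection engineer would turn into a proxy-log check. The following is an added example, not part of the sandbox report or of any Raccoon tooling: it matches both indicators against HTTP proxy log lines. The log format (`<time> <client-ip> <method> <url> <status> "<user-agent>"`) and the sample lines are constructed for illustration.

```python
"""Match the C2 host and User-Agent from the extracted Raccoon config above
against proxy log lines.  Added example, not part of the sandbox report; the
log format and the sample lines are constructed for illustration."""
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the extracted config on this page.
C2_URL = "http://94.142.138.213/"
USER_AGENT = "B1D3N_RIM_MY_ASS"
C2_HOST = urlsplit(C2_URL).hostname          # "94.142.138.213"

# Assumed (constructed) line format:
#   <iso-time> <client-ip> <method> <url> <status> "<user-agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample: one full match, one clean line, one UA-only, one host-only.
SAMPLE_LOG = """\
2024-01-15T10:21:03Z 10.0.0.5 POST http://94.142.138.213/ 200 "B1D3N_RIM_MY_ASS"
2024-01-15T10:21:04Z 10.0.0.7 GET http://www.example.com/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-01-15T10:21:05Z 10.0.0.9 GET http://cdn.example.net/lib.js 200 "B1D3N_RIM_MY_ASS"
2024-01-15T10:21:06Z 10.0.0.5 GET http://94.142.138.213/upload 404 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""


def classify(line: str) -> Optional[dict]:
    """Return a hit record if the line matches any indicator, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None                      # unparsable line: skip rather than crash
    reasons = []
    # Compare the parsed host, not a substring, so 194.142.138.213 does not match.
    if urlsplit(m["url"]).hostname == C2_HOST:
        reasons.append("c2_host")
    if m["ua"] == USER_AGENT:
        reasons.append("user_agent")
    if not reasons:
        return None
    return {"ts": m["ts"], "client": m["client"], "url": m["url"], "reasons": reasons}


def scan(log_text: str) -> list:
    """Run classify() over every line and collect the hits in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A host-only hit deserves a lower score than a User-Agent hit: the C2 address can be reassigned or reused by unrelated traffic over time, while the User-Agent string is embedded in the sample's own configuration and is not something a browser or legitimate client sends.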

Signatures

  • Raccoon Stealer V2 payload (1 IoC)
  • Raccoon family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
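The "Unsigned PE" signature fires on the absence of an Authenticode signature, which at the file-format level means the PE's security data directory (index 4) is empty. The following is an added example, not the sandbox's own check: it parses the DOS, COFF and optional headers of a PE image with nothing but `struct`, reports the machine type (the `x86` tag in the Files section comes from the same field) and whether a security directory is present. The `build_minimal_pe32()` helper constructs a minimal header-only PE32 image so the code runs offline; on a real file or dump, pass the path on the command line.

```python
"""Parse PE headers and report machine type and Authenticode presence.
Added example, not the sandbox's signature logic; build_minimal_pe32() is a
constructed header-only image used so the script runs without a sample."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
IMAGE_FILE_DLL = 0x2000
MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}


def pe_summary(data: bytes) -> dict:
    """Walk MZ -> PE -> COFF -> optional header and read the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                   # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                 # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "arch": MACHINES.get(machine, f"{machine:#x}"),
        "pe_format": "PE32" if magic == 0x10B else "PE32+",
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "security_dir_offset": sec_off,
        "security_dir_size": sec_size,
        "has_authenticode": sec_size > 0,
    }


def build_minimal_pe32(signed: bool) -> bytes:
    """Constructed header-only PE32 image (i386, one section) for offline testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> right after DOS header
    # i386, 1 section, no symbols, 224-byte PE32 optional header, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if signed:
        # Pretend a WIN_CERTIFICATE blob lives at file offset 0x600, 0x1A0 bytes long.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x600, 0x1A0)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_minimal_pe32(signed=False)
    print(pe_summary(data))
```

Two caveats a practitioner should keep in mind when reading this signature on a memory dump. First, presence of a security directory only means a certificate blob is attached; it says nothing about whether the signature is valid or whose it is, so a positive result still needs `signtool verify` or an equivalent check against the on-disk file. Second, the target here is a dumped mapped image, and the security directory entry refers to a raw file offset that is not part of the mapped image, so even a signed binary could not have its signature verified from this dump alone.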

Files

  • 3096-140-0x0000000000400000-0x000000000041F000-memory.dmp
    tags: .exe windows:6 windows x86 arch:x86