Behavioral task
behavioral1
Sample
3096-140-0x0000000000400000-0x000000000041F000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3096-140-0x0000000000400000-0x000000000041F000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
3096-140-0x0000000000400000-0x000000000041F000-memory.dmp
-
Size
124KB
-
MD5
4c353bf8db3bf4b48e8fc3f77a65b0a6
-
SHA1
0c5d6fddccb607726097e7c3374b1b140fee2064
-
SHA256
fb40f8b7e7e9616a1c28fc2ccd7d3f665a5f5e987f260e89d4b157d557fee90f
-
SHA512
b698bd6c89ed108ca4d4ff085ead838791d650a3d1ca607a8b91e33ed28f2a45aab165f35248775c8c4ce4228f63104df10c432bda619fa947b442d59fa0b4c9
-
SSDEEP
1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g
Malware Config
Extracted
raccoon
80d70b6c10dd99963cfe4382232cb920
http://94.142.138.213/
-
user_agent
B1D3N_RIM_MY_ASS
Signatures
-
Raccoon Stealer V2 payload 1 IoCs
resource yara_rule sample family_raccoon_v2 -
Raccoon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3096-140-0x0000000000400000-0x000000000041F000-memory.dmp
Files
-
3096-140-0x0000000000400000-0x000000000041F000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ