General

  • Target

    1632-60-0x0000000000400000-0x0000000001CBF000-memory.dmp

  • Size

    24.7MB

  • MD5

    d0c89c337b0332687dec53bd2baa4367

  • SHA1

    76a166bda4b5173ddff5890e96714fb0df6abf09

  • SHA256

    a72a1f12a8d72c36b236afd52c9ebde7eb29878c12957d660ee9049bf2a66679

  • SHA512

    6343ff2003b957b8b032452d435def7f354c2c56c12c3a8b02996bf6130da306f2f979b1cbdb5d03f3230cd894bc67465225bc0aa10807b561c7262bc68675b9

  • SSDEEP

    786432:JDPEh/TrqOQE6VRZMVcsLqJ4gabxqG8W:GhHqOQF5M+8qCu

Malware Config

Extracted

Family

raccoon

Botnet

01ce0bf18c5eb0152a13b2ee5d4d8adc

C2

http://37.220.87.69

http://83.217.11.6

Attributes
  • user_agent

    B1D3N_RIM_MY_ASS

xor.plain

Signatures

  • Raccoon Stealer V2 payload (1 IoC)
  • Raccoon family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1632-60-0x0000000000400000-0x0000000001CBF000-memory.dmp
    .exe windows:6 windows x86 arch:x86

