General
-
Target
628-56-0x0000000000400000-0x0000000001B40000-memory.dmp
-
Size
23.2MB
-
MD5
0bfa570a512179f32561ede33fa879e9
-
SHA1
27d014e24812a76a7dd0d685b9695fb5e9872821
-
SHA256
ecd0bbedfde9878654fdde7fcfa7be4f710c1c4874b958e68521375d613cd63d
-
SHA512
1115b125a2e3b6232f704a0095826906af6e63a890942d07689266b58b9645bedeebbfdd3cd71d76e47ac7118464cc335d9ac6332f408b13b1cef18474c8269d
-
SSDEEP
6144:YMKFJFSvGpDbnD6suIhfQFTlPPpMsTbA:BKLFzpH7Ns9t
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
3c85f6d12f0866626b35b64056ce8880
C2
http://5.78.98.26:8088/
Attributes
-
user_agent
DuckTales
xor.plain
Signatures
-
Raccoon Stealer V2 payload 1 IoCs
-
Raccoon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
628-56-0x0000000000400000-0x0000000001B40000-memory.dmp
Headers
Sections