raccoon | aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9
Size

80KB
MD5

7fbe056c414472cc2fcc6362bb66d212
SHA1

0df63fe311154434f7d14aae2f29f47a6222b053
SHA256

aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9
SHA512

38edc08d3fd41c818ae9457e200ade74ac22aabc678adce6a99d4789b621e43b298ca8e4189be4e997f66559325d76ad941d604d4375175f174de8521e779220
SSDEEP

1536:KX0PI6ORWFPekAZZ0XCkSBIPV1Fn1p06QcKUp3sFqH:9PI6GWpeVsXCLMrxbQOp8FqH

Score

10^/10

afed87781b48070c555e77a16d871208 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

afed87781b48070c555e77a16d871208

C2

http://185.16.39.253:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9

Files

aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9
.exe windows:6 windows x86 arch:x86

52fcc5c1bcda70fa4759c08995c5a5fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
ReleaseSemaphore
OutputDebugStringA
FindClose
CreateMutexA
LocalAlloc
ReleaseMutex
CancelWaitableTimer
GetLastError
GetProcAddress
CloseHandle
ResetEvent
CreateWaitableTimerA
LocalFree
SetEnvironmentVariableA
CreateFileMappingW
CreateSemaphoreA
CreateEventA
lstrlenA
SetEvent
LoadLibraryA

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE