raccoon | JaffaCakes118_f4ebb28bbd1f333fbfbb33453e59b5435342630ec402995ed578896bcec558ac

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f4ebb28bbd1f333fbfbb33453e59b5435342630ec402995ed578896bcec558ac
Size

726.9MB
MD5

fdf9b5dce0828c2efd4b6ee4371296ef
SHA1

898a377219c48869b287f2981b1bb9186c404ca6
SHA256

f4ebb28bbd1f333fbfbb33453e59b5435342630ec402995ed578896bcec558ac
SHA512

3fceae996b6e8e6b7172adb1e40ccbc830b6627239a18779ce11bac08551645cd2bb59cae3d76978019b2ad36e5ce749bdf8c6382d4c2b6f657eabfd0692606c
SSDEEP

196608:2kdXQPYsoLmVClsGsb3pBMx01gLq5hA9A:2kQYFLuHb380ZhQA

Score

10^/10

7cf68e7ed7eb90807fe60802b7b8e549 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

7cf68e7ed7eb90807fe60802b7b8e549

http://45.11.19.40

Attributes

user_agent
20112211

xor.plain

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f4ebb28bbd1f333fbfbb33453e59b5435342630ec402995ed578896bcec558ac

Files

JaffaCakes118_f4ebb28bbd1f333fbfbb33453e59b5435342630ec402995ed578896bcec558ac
.exe windows:6 windows x86 arch:x86

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

user32

CharUpperBuffW

Exports

Exports

��JMP��>�4��%E��ב�K��ˉ��M2O�O굇��aȣ��r�1��\sٯ��Q��t�x8�ھJ�o��TR��N��V8s�"��|��\Z ��V񳅟w6�q��2��D�v~�i ��;�W6>�T��j�/��sR�rڃ��hU�>r��$�N&l��l'�,�A��.�(D+R��8Dw��Zد�ݾ;n!��Hcg��*��|��@g�yk�C�Ց��6��2��|qi��r�8�� [^2`��1��>�7w?/'Е؛%j�8�ڰH�� `�y��a0��nH��4U]��gq��R��9gdϱ� �W��ʃ��~8��.��2؈A�#�:�p��d /�{�;�@�[�y(២�|�1��ïZ��{�� >f)�ŬF��!�8�U��9.��Lb��Z|9=ܩ��2R�b17u�c&"�fLT�73��v�.0��lS��1�L��Zq��v�C^�&��<��l��~��G��*]t��u];�,O^��^V�� oN��|�~�ê$$�pf�� hz�G"ż�qzd�BѪ(?~^�ƙ{�� k�d�5�2<�PR^��ر?Y��DD��F�> N�4�犩q�p;��X(��5P��=�2NAD��a��m��ZH��&2�C�d. ΧY�b��@��&�&��L��0��9[D-j�$J��#{�� f�F9��&�5��PZh`h�r�y��X��x�Q�k�1ZO;��:��+*�kT��Gy�^��h$��®#��¬�<��W)JW8I8#��u�C��6�o�Y ��A 6�ݪ�>�?��Z�d��29S��|M~C� +��Q��A-�̅�s'f�$0��3j�X�Tу��N$5X��*=��e�3/�I�T��KX �y��x=C5~��g�D��ܘ�Z7�s�Z�� F 1,��C�=�]�3I@ZЬs�_��~�t��Ʀʊ�_�k�e��3X�8�<��&��D��&'Ys��y��0�gS9��3J3��qʹ$��!̸%�48<K�+E�f��o;\��h��Idf�#8<�� /".��J(+꼑��9k!��~��F�wB�fJ�7�R�n��h�ա#)��*OS��{g r��A_[�&\EG��h8jIPA�}�?,�$&�JP��S��0�=��&�ME��X��U�cE0�Giu>��K�0�jnedS��b��Q2x&��;�b_��|��&%6��U��ǎ��*N�=f��/,R.tX� [j䇝�<��qU@��)K�k$��:��@=��?��۱��*CZũ�i�LIW�p�}�{��~ؘV��"��g~]B՟>k!�|�{��x�v->�$��1[>U��k&��*�襎�C�Ru�� _Ud��ԙ�cSU�6��O��f�/Wr�$ǅ�h0��cn�� kdk=YK��W��D��\�\u9�"��m;�d�m=N�fj��D�l��Mjh7L�̓�h��S[�$�|��1lB��tB�Ks`��^��W��yZ@ۣ�w��}Ӧ [e>�j#�Ǒӧ�3�l�C�iy�&��o�<��>�[{�:*�8�=�E�� _�l� �ُ\��P��&ْ�s^��%�1�1�ǡ��i�-�XE��F;\!�<�KS��ɭ�÷p� �s+6un3��l(�M��s�(3R�8��Wى�>^��TJbI��!� ]��l1�J(R'4��?XkLX��O��}�u��ғ4��:��q殊|[�Q�$$~��8��Zf��4��Hƫ�gj�Ù��auｴ3�$�/�u|��n�tg�S�D9|{T��O1��AI��M��؉Z� ;O��J.�� (2��HR&Р2�ԭ�;*R�Mf��Pf��P��X�Xٓ��yIX�P�q��~��}?�"N-��0�q�i�mH��1�a�0�Ӑ�j�u(��Y Wcva�t�08Z��46B��S��MmQ��O\�?UۥUb^��%��ۑɬ�u(�N�� 2��e�Q��7G�ĔP�9�/�{�S�U��(��[��v~T�]d[PzV�}/(5R!��s��1:�4��tN:q��?�0n�&Iޠ��S��^`g� �y��W�U5ζ��CӋM��!gce��8��B�$��X[;sƙ�8��t޻}>r+1�)8X�Ӯ�w(�U��P��G�e�ߠ4��]��t��'�]N�6�/�5a��ρAf\j]��^e�X� ��d��?��?'��{v�LU+��hƻ�*�c�,��`ən5��iH��b!��X}osqP��,�w�� U�p�*Fxh��M��g�s~�*��;�TEx]��RF�B1tx�P n�gп��w�;��mJ��ri��s^x�ԗ;w��\�O��`�H(�h7`�Eps�&&��4��e ��a��qܽE+T!"⨌��a�Y�lp �c�]�X`Ɖ�4��-%hv��Yɒ�W �ZE��ڿ�� 7b)e�� h^}&��@��R�`��`F��5��I��mE@�էʥ`=��K��rEx�P�G&m��(��y�Ep�grC��Ҙ��#�d.y~��}�1�3��Dk��2xpΧ��[<c��ǫ��&)>�kc��j;:t֔�e0@@乫�@("�ʜ��S� Y��ٕ"P^�ϒ nBeӣ�a�%�a��]�:��+>�fː%��!��*9��uU�ع��k:�_�� &n~�V�z��(!�� x��S~��n��e�A7p�� E��c&��^ 3��u�L�Η�|`�b�$G�Ji<]q3 MD:/iH�o�t��.��~8��

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uikj0
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uikj1
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uikj2
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.uikj0 Size: 3.5MB - Virtual size: 3.5MB

.uikj1 Size: 1024B - Virtual size: 872B

.uikj2 Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 442KB - Virtual size: 442KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.uikj0
Size: 3.5MB - Virtual size: 3.5MB

.uikj1
Size: 1024B - Virtual size: 872B

.uikj2
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 442KB - Virtual size: 442KB