raccoon | JaffaCakes118_e9b403eb952af5fac5daaa17eed88305e92e6533f8ae84c98844939947672502 | Triage

Sharing

General

Target

JaffaCakes118_e9b403eb952af5fac5daaa17eed88305e92e6533f8ae84c98844939947672502
Size

61KB
MD5

3cfd05053a371357bccd0ce42f2350fd
SHA1

513b8b8b015265d6a4522a6e62914d0998fbf532
SHA256

e9b403eb952af5fac5daaa17eed88305e92e6533f8ae84c98844939947672502
SHA512

e15af35b08f7260da3d0de3ff330aa3cb91a6dc33bd6a00fa54ef7a40685e557ae6f966929812d69d4815eaea71d24a446ae7b7438344c75fc64230e26f31222
SSDEEP

768:G3hBdh98zo8hUzAMgRt5O9hDtqCD+4yNdQiEw6ZjqZeS6R6UhSC:AdMzAzjavO9uG+NNdQ4MGQRtv

Score

10^/10

9b19cf60d9bdf65b8a2495aa965456c3 raccoon

Malware Config

Extracted

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

C2

http://5.2.70.65/

Attributes

user_agent
TakeMyPainBack

xor.plain

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e9b403eb952af5fac5daaa17eed88305e92e6533f8ae84c98844939947672502

Files

JaffaCakes118_e9b403eb952af5fac5daaa17eed88305e92e6533f8ae84c98844939947672502
.exe windows:6 windows x86 arch:x86

c5c36a515b13d54501168b24d2b48063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CreateFileW
LoadLibraryW

ole32

CoInitialize

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ