raccoon | JaffaCakes118_7e23ea6ba32eee9abf55cf823c6d4ab77e3aaf13f1b1420dc745e53a8636297d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7e23ea6ba32eee9abf55cf823c6d4ab77e3aaf13f1b1420dc745e53a8636297d
Size

830.2MB
MD5

ab4167cde58ab70bda374b9cea749832
SHA1

371d7be152d08f2e1a087e4604ff8ae492198bc0
SHA256

7e23ea6ba32eee9abf55cf823c6d4ab77e3aaf13f1b1420dc745e53a8636297d
SHA512

286bbf8069eff18aee47d5cd5ae4ed14505c3061427dd1a8eea78a9bd34a9f9485b803e69c9f969dfbe74fbbd059cd3ba69aff7bc297ae538afa77e35d55cb5c
SSDEEP

98304:uoDANorfoX181J2cH3P5ihlmvO++hfnDU0GLTFj7/M8cIs39L4xlKvU7UTffDzY:hANGoF8Pj5ihlmvODDU0GLVMj0lG/7D0

Score

10^/10

334fd5a216b2c3b3e5a3fb91bcdf6c9c raccoon

Malware Config

Extracted

Family

raccoon

Botnet

334fd5a216b2c3b3e5a3fb91bcdf6c9c

http://77.91.103.191

http://5.182.36.75

Attributes

user_agent
20112211

xor.plain

Signatures

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
sample	family_raccoon_v2

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7e23ea6ba32eee9abf55cf823c6d4ab77e3aaf13f1b1420dc745e53a8636297d

Files

JaffaCakes118_7e23ea6ba32eee9abf55cf823c6d4ab77e3aaf13f1b1420dc745e53a8636297d
.exe windows:6 windows x86 arch:x86

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

user32

CharUpperBuffW

Exports

Exports

�:2r̆b�U� ��1�f�=��K#w�9b��A�7"%�B͈�H�huc'��)d��4=aˋ��[��]�H%\��N�1��I�q&�/�=y��5��h2��S��O7"�dfAl��e��?�-��ð�s!O�8W�Ѭ\s��sG��e��ᅯ�^�|K�('��P��I��xW��Yd� �SI|Kq0i|c��!��~�E��_��i9Ǉ�i�ԁW��kp$�qC�7��7��ޔ>��E�qu�n�@�a3��4�GkI��˦�ߥg��<mYz��,��9%c�+��U��,lF�9�J��v ?M��֮�I<(텺��sS�#}}��}MP�� 蘄�1;v��Y�ن-4k��v�X��ǧZFJ+E�QQGH7u৐�=�rT��8ͻ�,9�ć+M.0��J��}u��n5��>�ӊ�N3��Cxlk�{��Þ��|�t�z�,R�.y�5�bI��Z��k��I��*+(U��5z�ĭr�v�H�*�ًK�L��h��P��n�%z�m��5{Ƨ��fBPk�xnA3D�� y�e�1��IX�5<t��}��[@��$��EH/} M�Wa@��'Q ��F��4�p��4o'� �=�VT�O&vx�* %��/H��U[��N2��?�R�+��wy-��C�5��傂�<��x��P=��9}� ��VB��^2|�Gq��ioKy��h�?��q�y��S��W��F�Q��.s��!��N��;�&�+1�� a�;��XE?*O�� \]2��y8�v}�xM��c��@�_�OA�t��B�cj{u_;�N��5��D>i%4��9�1W?Y��1��nIr-��!ϧI(�5bD3�O-�� ɑ�� ~�;��c�c��|6S��o,�@��P9�F,p�ޤ9� `r~Q�� 4e,Rs= E�Z��Uk�P�2"$��t�t�y�c��i��}�M��rJ�'@�8�� G��D�.�ɾ��6e؀��`�z�j"��S3�,��am��{�w��C�N�<�e��{�tO�x�m�&�]9��?{��/��L�`�T@��PdhU��۝�E��K��v��e��x㠉iY��)�UWh�;��B��n,�Fֽ�]��7��%�D��U�=�� l�-�~��׬��5�Tp�)�=h�H��̹�!$�� Qw�K��½�O�{V��w�Q��I3��{&ao� �#�J�nR�?{�#x�m�>�?��Nj8<z��%瞴�Z��[�;+��<lO�O&��qE�~�� U�BIMX��qr��e��|�� ,_��6�|Zٚ�[��5R�*٬}��8y��|��DNSS ��\f��T�ަ?�{�!~q�p��J��{J�.��%\5˘ЉO5[�`��iy��b��3��ՅQ�|�R��S8� ڻꗑ��98��͚�TaX�f"T��e�{?�yNz�� F�q@��ǵ�L�ǈ��߀��_�}��s��{�e�-�Sg�Ԥ �c�,h�H��- ��a��""_ErfLi��L�t&na,>o3|h��K�\0T_�5l6�[L�`� I{�.L�켣�9��k� g(\c��cW57XHX�{V��+�s�� Y<B*��z�*��鮈!�>莔��J�W��t8�aqcU�=�閍)C�-�ބ��ϦY�?��L��D?�>��!w1�}p�̍C0h��*e)�َV2�r��b!�NV�gH��&k��G�ʀ��ֈ�Z��6�" V��c��_YwTJ^(��*p��#��q�-��6R�]��qն`�)��V��&��榩��6o�V̔�2�=��<)�s�ڕ� ��5�U��Kw30�% l�Q�jL��e�f�Y/�+��e�CZ�F��YŃ�+$��3�oƚ&h�ٛB}�U�K�Wn�e(��Ⱥ��Q*��˹��"ЂH�My!/��"=w�nz��V�lv��>�T��%-�{K~�%��=ot,$�#�#��M��G�bg��)eX��'��]�┆u�?��i��˟� (�� ʤ0��A��l�[�DD,��Ne��g~-v8w؛�^<#�N��u�mu�_L��2�˚�^ש3L&L�go�`�$�.PV2?��pO�5M7��\l��@J�C��=-�u�!\r4�6vE#��G��~�`��E#��ߟ��۷t�]y&ף=�u>��ۉ��}@�i#�V�4;�+��"n�S�g��:`�K�{ڡ��+7ts��k*b�^��8ؐ6@�h�7��Z˶O��@u?�U,[��)�b��*��w�=�yx�1Te��^��>�@��<��|9Z�x�6:��:{h��j��d��9��K��9�� P�l� �� :�ߓ��+P��֤;߽�;�Fk:Ce�6,�i9�;��Y��^�{#_�\��OR2�q�>��~5��3�XxȞ��s^ �L�0�$��RcQ��N��b.�0��̣Z�p�p�8b7��~۱P�Pc��j�^��Q�� Z?v�L� �,y��m��L��v[��h��J 3��$G�ANP�{p��#\��KS��I�Ʉ��y�QK��4�� \F�`5��Cֳ��>�ˣcS:X��dy7`f��ӡV�i�$6(��1�W����p��,|Xt'��X��T�x�>ZF&��jzPH�t��r*H�}i�{D��U�G19<��a.�XR��{9>��\An?B'�#��N��3��0�a�7\ jH��"�Q�VP��J�|Q��ѣ4�)�s��sMI �(��|�H��1+�$� َƋjy��phϠ��`L��

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ukfh0
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ukfh1
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ukfh2
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.ukfh0 Size: 3.5MB - Virtual size: 3.5MB

.ukfh1 Size: 1024B - Virtual size: 872B

.ukfh2 Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 447KB - Virtual size: 447KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.ukfh0
Size: 3.5MB - Virtual size: 3.5MB

.ukfh1
Size: 1024B - Virtual size: 872B

.ukfh2
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 447KB - Virtual size: 447KB