raccoon | 138b17d8ac8f7a899f6efc896446e1794f20fb0396b774de37679b069c568f44

Sharing

Copy URL

Twitter E-mail

General

Target

138b17d8ac8f7a899f6efc896446e1794f20fb0396b774de37679b069c568f44
Size

7.4MB
MD5

2333c566988bfa8a65f7e6cd079d7e8d
SHA1

f7300a6bc5b4f33263f7c50cae9683833f37b9bb
SHA256

138b17d8ac8f7a899f6efc896446e1794f20fb0396b774de37679b069c568f44
SHA512

abcdc8c3855290b8672f30296f709f391552e3dde0bb87feec783322a6f4906b43bb0ee90cac88b16319093515999b3c1416e223990d52d4ef759d6616ee9b05
SSDEEP

196608:tuJ+Rp7VEpq14hMyX1JW6+xzjbQr3HiKxMZ:tuJ+L7GpfnzWHxH8ryH

Score

10^/10

325905ef368c0ef54a7193fe509f183d raccoon

Malware Config

Extracted

Family

raccoon

Botnet

325905ef368c0ef54a7193fe509f183d

http://62.113.255.110/

http://188.215.229.203/

Attributes

user_agent
record

rc4.plain

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138b17d8ac8f7a899f6efc896446e1794f20fb0396b774de37679b069c568f44

Files

138b17d8ac8f7a899f6efc896446e1794f20fb0396b774de37679b069c568f44
.exe windows:6 windows x86 arch:x86

2d328c5abe4a256052fb1546154d88bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

CharUpperBuffW

Exports

Exports

["�/m�y��#��E��m"�o럷��*�w�}y�]�O!q��7�~N��Z"%%��ª��Ă�ʂ��R��M]�7�9��{緪fŅw�A�m�G6��\��Ykԧ�L3��A1�(�>�5'l5�m��&O�M��[��ը��2��ـ�o� D+�W�ë��~}�24��&Ug�<*��)��Y��՘�DY��sP�áy�4��P��Z)6�_=Z��/_�L�f��Ԏ2��m�T��?�S�%�L�w��A�\$��!Z��HM-��~�s��]�Tf��'b�ח��al�X�"AmE�S�A��Kl��#U��w�P��I9(��,�&1H��uJ��=K;_ .Y�]�G�?Ҵ��M�L�^h�yX}{��9ݫ��v�d�f�z��]��%S3Tr^��H�%��n�j��F֨GD�� xP�.%�%4d��t�y2xA�!�Nt��a��/��U#Ji��o;�O`��E�!�4�axvv��x�%2�~��Uo�� РLǿ�4�� W��_��X�%�#:h��=�N��Hs-π�L˒J�J��}C��.v!W��{��IL��/0��ą�E'�8��'�C�z�r��&m�,��;��kN��-~��O ��XAI�c-I9� �� 3Q��t[��xY��ܘ�&7��Ӹ��8�N\Ok"޼{&7y��F��տz�K?Zo^ -̢"��(I�&T�|f��4�ʒl�D��:]�[��䏽�Qd��$��+a�8��w�}��I�̹A�F��=F�g�x��*s>��Ŧ�� )��[�7��u��<� �_�ԻOyHA�8,C�p��(]8Wط�� ϣ�Nef�ŕߐɇ�E��.�wp*�jp�]�_ƺ��}�h��a�*'_`j�<��Y�J�"y�=b3�yyd��\%Ȃ�`UyR�!�r��L)0�H�PУ�nLH�6]Vd��KYs�M��ŤqK��1Nt�[��!p�mf)�%�6(#��A�X��Hj(g_��B��sM�oo�L��u��h�=�*��3��i[��7��n��g-J�tj�}�Dh�� 0��2��b 3StL�d�'�MB�1��wJ�V�S��yW��=P(�k|nh�ÖLL�CPQ#�P,D��#L[N�\\��bDH+�*h@�I��.��է)�&�It�0��{3��d��;�!�B��Y35��"X�V�r6��*άn��$o�GJwG��?��i:�� 1W'�W��X�%��ܕo{�`tkD��$8E !��@��@�e�azCzrw��ʉnU!&k@>��c*�j�KP �p��00f��{]az��w�ym�"�9�k��۶�{��G|�� j<��cGRN��%jݭ@��uh��w�|h��2(�P�@5��?�s垹w��졣��m[��P��狀��0��c��u�nR?p�13��8��d��Tl1��9-AoL��{��\��#��x�E.�8��w��Q��v!�Pds\��?�j��[�H��V��C˖Y鲣t��4!�e�l��U��W��[��ҹԴ_�U��X�c,��}`vo;3{+��@SfaO�em��#��͍�N�"� B��u;�C�?]s̙%z[��e�9h땙��p�j:��C�0�uJN�R�KM5�B~��+(�*��u��hPE_�7��U�<�r��7N��BL�8��y"�|M�Z+��L�9��cv��ݻ3?�#�Ԗ�?�8�0��SB�0��B��R�wQ��+!��V뫿D��`�� ^)D!S&fX�;��O�xFU�_*��n��*� "|��My�-��8��L�㥙XDa��]` �++_��=��%Z�/��{�v��L��7>�JTݨ�lQY�5X�z&&Ҟ}�*�aX��JF��h�"/j#�`��^j��=��]��H#ki��7��B��}�\��f2��ZOS��&SmС��^�>��߆خ��8K�"��'V!Q�J䛪nz�F��8��m��r��z~X]{�Br�J ��cn>��ƹ� }�#~��f�/�d�5D�.N7��8L�` ��q�-](N3w�αK� -��Or܊Gܝfu��E\B�8\Nˣ�"T��5��\KZ�C$r�{7��8�,�*��:��N��>y��E�*L1�6�Ǭ@>��u�dI�ϰޗ�|n�^e��z�/ƙ��س�z�?kΪ�s��%��8�q��jC��.!Ma/a��g��e�|1%S*�ӣĜOrS��z �W�&�bD��f��Q.Y`e��'��zv{�|�н�a��Pv�H�#X*� ��rR��H^��]V�Mn�� g�"��N�f��~h��b��|y��O/9?)�s��R�j�+΀ip"K��:7�_E�2��Ϗ�@>l��hj�)��n=��j��l$8�;0L�Cc�' ��#\Y&whN�n�6�f�h1�)"��S�x�;'��2�9Z=�ad>�P;�u@��C�� |zXe�r��r��Hx��/!��߷Nҵ�� u�Q?��ޟ�RvĜ�k#��^&�l��;�e��yaB0��J v�1@��h[�E�։k�6�Sÿ��i��;�n�7�y��Ւ*�8�q~�N)�,�u`�P�r�$�W�V�@�R��[/O��.�ZG�=Z�[�(��\I��fVJ�� -�٧��R��M��>UY��B��-Mi1��e�BGҗu�<��/�l��9�3�b+

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Rw^
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xd(
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EqH
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2d328c5abe4a256052fb1546154d88bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.Rw^ Size: 4.0MB - Virtual size: 4.0MB

.xd( Size: 1024B - Virtual size: 880B

.EqH Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 13KB - Virtual size: 12KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.Rw^
Size: 4.0MB - Virtual size: 4.0MB

.xd(
Size: 1024B - Virtual size: 880B

.EqH
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 19KB - Virtual size: 19KB