MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2629fbf7fe8007bd4d7f4dd95858d57c35e91d63ea72ab6afb8c84b9b08f99ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 2 Comments

SHA256 hash: 2629fbf7fe8007bd4d7f4dd95858d57c35e91d63ea72ab6afb8c84b9b08f99ea
SHA3-384 hash: 0ff92518c5cdaf306b6cbe7c9a05ccdb7aa27d879c98fbe0dc15d2c387682cd0cfd1cbbb87e2c8b99d06f4670e82a141
SHA1 hash: 6344c0b0670faa8e3d2b2dcba34a18a13f39ec9d
MD5 hash: d35885b4fb119cf0d6961954b69a725e
humanhash: sink-avocado-xray-apart
File name:d35885b4fb119cf0d6961954b69a725e.exe
Download: download sample
Signature RaccoonStealer
File size:683'008 bytes
First seen:2020-06-30 09:06:27 UTC
Last seen:2020-06-30 09:59:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e87e827b8c35620178f7117d8d5f4bfd
ssdeep 6144:hkZFCkdKQblsxvi6M6/6Vkflvwaq2qQ1nzvOmbAcb2C9fcQwVQ+FIf7hL/DyILQO:+dKQGNMXWl4aLvOmUux+FIz1Qc9TZ
TLSH 84E4011233D3C432C0A63630E925D3F6596AFC70AB65C64B32443BBE6D61EF18A1B756
Reporter @abuse_ch
Tags:exe RaccoonStealer

RaccoonStealer C2:


Mail intelligence No data
# of uploads 2
# of downloads 30
Origin country US US
CAPE Sandbox Detection:n/a
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:raccoon
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 09:08:06 UTC
AV detection:25 of 31 (80.65%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:raccoon
Tags:ransomware spyware stealer family:raccoon discovery
VirusTotal:Virustotal results 25.00%

Yara Signatures

Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 2629fbf7fe8007bd4d7f4dd95858d57c35e91d63ea72ab6afb8c84b9b08f99ea

(this sample)

Delivery method
Distributed via web download