MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 14



SHA256 hash: 2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6
SHA3-384 hash: e998e5bcf1576a20650baf7dab4865762887e4e9485eb35830c466634ee39ae023ec52ea5b7052413dff38b02f4d1717
SHA1 hash: c1fca8da67debe3d9d67cf6def926d81c8bb3350
MD5 hash: e283621cd5dea00d95791a88eecda925
humanhash: triple-aspen-high-july
File name: SecuriteInfo.com.W32.AIDetect.malware1.14529.6378
Download: download sample
Signature: RaccoonStealer
File size: 448'000 bytes
First seen: 2021-09-27 21:49:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 006a79ea8a61231651632116bf97f2d7 (5 x ArkeiStealer, 5 x RaccoonStealer, 1 x CoinMiner)
ssdeep: 12288:BPJd+0j6UAtiX9FtdA4Jf/5mdS5Mu3RVmBqx:BPa8tdA4ZPLR
Threatray: 3'308 similar samples on MalwareBazaar
TLSH: T162941205FD83E433DB1359B0495AC9A46E3CBDB14A21921B37D4169F2BB32B4B622376
File icon (PE): PE icon
dhash icon: 4839b234e8c38890 (103 x RaccoonStealer, 44 x ArkeiStealer, 43 x RedLineStealer)
Reporter: @SecuriteInfoCom
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads :
1
# of downloads :
137
Origin country :
US
Mail intelligence
No data
Vendor Threat Intelligence
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.14529.6378
Verdict:
Malicious activity
Analysis date:
2021-09-27 21:51:13 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Malware family:
Raccoon Stealer
Verdict:
Malicious
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zenpak
Status:
Malicious
First seen:
2021-09-27 20:00:09 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Result
Malware family:
raccoon
Score:
  10/10
Tags:
family:raccoon botnet:5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4 discovery spyware stealer suricata
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
Unpacked files
SHA256 hash:
772932e5a6313987ed3586d1975c3f2aed6963bceb01f8f8e7e392adf1af45dd
MD5 hash:
15202c1e81e6ebb588d88123e4bfbe07
SHA1 hash:
e906d0b02815535ec8425e3ac58fbf0cc65cf272
Detections:
win_raccoon_auto
Parent samples :
SHA256 hash:
2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6
MD5 hash:
e283621cd5dea00d95791a88eecda925
SHA1 hash:
c1fca8da67debe3d9d67cf6def926d81c8bb3350
Malware family:
Raccoon v1.7.2
Verdict:
Malicious

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:WHITE rules are displayed.

Rule name: INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers.
Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.raccoon.

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://185.138.164.150/
ThreatFox Reference: https://threatfox.abuse.ch/ioc/227268

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 2becdf23ad63dfcb341ee332fa50623f0cf5e4fa5f0c6c854cd4e59ce8be3ce6

(this sample)

Delivery method
Distributed via web download

Comments