MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 4

SHA256 hash: 31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6
SHA3-384 hash: 5454f252fb8cf4b8ca25099ac1f1ea5444f046ddcd3f0a1a4ddbde5ff35b7bee6dfc53eabcc5731ef95634b5eec2c092
SHA1 hash: 6a8434f83d4d160fd796e3a3f50a020cf5974903
MD5 hash: 5c9e2b97d5a4b86c6c64edf30f058f45
humanhash: venus-cola-seven-november
File name: 5c9e2b97d5a4b86c6c64edf30f058f45.exe
Signature: RaccoonStealer
File size: 538'624 bytes
First seen: 2020-05-08 08:59:11 UTC
Last seen: 2020-05-08 12:02:56 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: af0457a90da65509b0197bfc07d2def4 (1 x RaccoonStealer, 1 x Smoke Loader)
ssdeep: 6144:hoSg6+39FKBPWjllRX2R6XdJbI1OAw0k6qOk/Ur0Ed1t02apBHU4/3+4Vz+Eu0+J:hoDlmBPWjJ/Shrqx/krdAfT7Zu/Ci6+
Threatray: 158 similar samples on MalwareBazaar
TLSH: F0B4F11573F1E463D66206319C66DAA4163EB9527E30DE8F3394272F2F70293C622B97
Reporter: abuse_ch
Tags: exe, RaccoonStealer

Intelligence

File Origin
Number of uploads: 5
Number of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kpot
Status: Malicious
First seen: 2020-05-08 09:35:58 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Sample: Executable exe 31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6 (this sample)
Signature: RaccoonStealer
Delivery method: Distributed via web download

Comments

commented on 2020-05-08 09:10:16 UTC

RaccoonStealer dropped by Amadey

Amadey C2:
http://217.8.117.89/theCCnew/index.php

RaccoonStealer payload URL:
http://217.8.117.89/svchost.exe

RaccoonStealer C2:
http://34.89.22.128/gate/log.php