MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: 43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
SHA3-384 hash: 6ce8fa3e1be8de28af25620eea7f3eac16212455a09c8b62a769c8675a296a92b5dac70e99143a81238e0f819c61f058
SHA1 hash: d538ffffd82540752a23d5defc90e501093861bf
MD5 hash: e4f4e051625054d753730fd9183c4a34
humanhash: equal-football-video-happy
File name: SecuriteInfo.com.Win32.Injector.ELLY.6071
Signature: RaccoonStealer
File size: 507'904 bytes
First seen: 2020-04-15 13:04:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e1627adf817b3d26e5a910280adba02d (1 x RaccoonStealer)
ssdeep: 12288:sP8pIWvupcsqm9vINO0z00n30h2tckiUSJdPKF0:sLWIc3mxINH40n30M25dPj
Threatray: 321 similar samples on MalwareBazaar
TLSH: 07B4020D66A29772E5514A3A4EF5D9F486FD3C63BC53681FF7483E0B23B598082825B3
Reporter: SecuriteInfoCom
Tags: RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Spyagent
Status: Malicious
First seen: 2020-04-15 12:14:29 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797 (this sample)

  
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaSetSystemError, MSVBVM60.DLL::__vbaExitProc, MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef

Comments