MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44bc9b5ec0d573cb94869694eb76a9f9b50e35d2c678b42069d5fb4a014d9da6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: 44bc9b5ec0d573cb94869694eb76a9f9b50e35d2c678b42069d5fb4a014d9da6
SHA3-384 hash: 8881b1e48930e4f56a4838ecfced1589d6a5aab36fb4db0fa3d13d4ba4a0b97ace0389d86f85f2dfe60e9402301de7cf
SHA1 hash: 2c2f47e1e05203c852646a44a7ed420ad9ea5afa
MD5 hash: 3aaef1dac507a2c62a8a35420bba366e
humanhash: mockingbird-texas-lamp-lion
File name: 44BC9B5EC0D573CB94869694EB76A9F9B50E35D2C678B.exe
Signature: RaccoonStealer
File size: 551'936 bytes
First seen: 2021-08-08 22:20:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (235 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 12288:3aPCGxIKAKXD0sfE90Ac5ddGac27GNR/Cy+l9:PaosfEyJGJGG3Kf9
Threatray: 1'665 similar samples on MalwareBazaar
TLSH: T1FEC41272E10D6FE5CE765B3DB4FE4F8285B8BD348F1011060DB2FE1808746B59A51AAB
dhash icon: 96deeedec6d6dac2 (1 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://74.119.195.134/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox Reference
http://74.119.195.134/   https://threatfox.abuse.ch/ioc/166044/

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 44BC9B5EC0D573CB94869694EB76A9F9B50E35D2C678B.exe
Verdict: Malicious activity
Analysis date: 2021-08-08 22:24:01 UTC
Tags: trojan stealer raccoon

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 92 / 100
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2021-01-04 03:17:00 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:93f8b7c053c38cf658e833ccd257c4cb9233760d stealer upx
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Raccoon
Raccoon Stealer Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files

SHA256 hash: b53e52f649a217c0934d4578d05d8650489bcc02a18d7d99030f73320c18724d
MD5 hash: e7eb5e5b3a52d9d3893eee2e341c9678
SHA1 hash: c5dd761902b71f658905ed79f5df1a8170433b18
Detections: win_raccoon_auto

SHA256 hash: 708c1602aeeb12386dd9ab5cc90c1cd346368e577e9fa5f4b01a637e7c563d9d
MD5 hash: dc063ecb8aff680cd943c0a2947f7d05
SHA1 hash: 35663f69e2000affada6f5825fa25097b2c283e2

SHA256 hash: 44bc9b5ec0d573cb94869694eb76a9f9b50e35d2c678b42069d5fb4a014d9da6
MD5 hash: 3aaef1dac507a2c62a8a35420bba366e
SHA1 hash: 2c2f47e1e05203c852646a44a7ed420ad9ea5afa
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments