MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6956b64f9f4eb99fea2aa04a47100390bca12de0871b931ec7e7e01ecbd32e9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 2 Comments

SHA256 hash: 6956b64f9f4eb99fea2aa04a47100390bca12de0871b931ec7e7e01ecbd32e9f
SHA3-384 hash: 70b99b1ca5f34dae1442dc14f7c6bb8810599f604ee916e79750aa1770751dca6f23d23096eca1f1d9b496a4465f9724
SHA1 hash: a5fe96ef8cb119f2b21c2f646f0902766e8a408c
MD5 hash: f7705e24f5e07d3a06cc6aea648d9e9e
humanhash: delaware-video-september-lemon
File name:f7705e24f5e07d3a06cc6aea648d9e9e.exe
Download: download sample
Signature RaccoonStealer
File size:473'088 bytes
First seen:2020-06-30 05:24:42 UTC
Last seen:2020-06-30 05:48:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 69104843fd99359df270d11507bd145b
ssdeep 6144:SRLXYdP7u65szt98KHYUMNIbXnwAKAff3eZCze/GyZ3T+yBANx7oj5y9yaYc7zeP:QS7X5szMKHw+3BfOZGeldUx8Q4aV3RX
TLSH CEA40111F361F332D4A3A470A820E575063D78718925A9C77B9F3A3E6E727D08B2D35A
Reporter @abuse_ch
Tags:exe RaccoonStealer

RaccoonStealer C2:


Mail intelligence No data
# of uploads 2
# of downloads 32
Origin country FR FR
CAPE Sandbox Detection:n/a
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:raccoon
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 05:26:05 UTC
AV detection:25 of 30 (83.33%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:raccoon
Tags:ransomware evasion spyware trojan discovery stealer family:raccoon
VirusTotal:Virustotal results 41.10%

Yara Signatures

Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 6956b64f9f4eb99fea2aa04a47100390bca12de0871b931ec7e7e01ecbd32e9f

(this sample)

Delivery method
Distributed via web download