MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a24e9b0bb291a57dd790134d41758e4e4862e01a05508354a7f134ae6169107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 2 Comments

SHA256 hash: 6a24e9b0bb291a57dd790134d41758e4e4862e01a05508354a7f134ae6169107
SHA3-384 hash: bbd83192532d5c5d94e38c1980cfdcbdaab8e30486a851f0d7ad3d0f9c478380bcafe28a4e98daa89510315574410cc8
SHA1 hash: 0dc8b917bb7134fe85cde6c40154ac8f6a2d2ba5
MD5 hash: e6df40f5090cb4a09983a15eb047c474
humanhash: six-video-maryland-artist
File name:e6df40f5090cb4a09983a15eb047c474.exe
Download: download sample
Signature RaccoonStealer
File size:462'848 bytes
First seen:2020-06-30 05:21:12 UTC
Last seen:2020-06-30 05:48:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1fd7f3fa38ad4a10070b9dbdf2847350
ssdeep 6144:tio3b47mpN4zucBlrp2whs9dmUX7GCW8rho6++XNy0WkBSgd+Ws/uIkcYdQBbTbd:oIXpNO9Blir5WC+8Ok8YXdIwdQBjw
TLSH 41A40252F3A1D03DD002A230A525E7E64A7F38715624D1CB77D82B7EAEF12C1963E369
Reporter @abuse_ch
Tags:exe RaccoonStealer

RaccoonStealer C2:


Mail intelligence No data
# of uploads 2
# of downloads 31
Origin country US US
CAPE Sandbox Detection:n/a
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:raccoon
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-29 19:42:33 UTC
AV detection:25 of 30 (83.33%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:raccoon
Tags:ransomware stealer family:raccoon evasion spyware trojan discovery
VirusTotal:Virustotal results 41.67%

Yara Signatures

Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 6a24e9b0bb291a57dd790134d41758e4e4862e01a05508354a7f134ae6169107

(this sample)

Delivery method
Distributed via web download