MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7470133d3007e06a3444978fa8d8fc9961eb153c3cafeefc1ab2da05b9fe2cae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 7470133d3007e06a3444978fa8d8fc9961eb153c3cafeefc1ab2da05b9fe2cae
SHA3-384 hash: 4e0c4973a948ffebd2417787814493d7bb4b153b78d5e23e4b4bf435e659ad0bb728d97887d376d4f6ae122f633cf9a1
SHA1 hash: d5c406c9110363d1b1afce922f4d862169df85e4
MD5 hash: 8353ae9237665633907156980d73fa40
humanhash: nebraska-louisiana-carpet-potato
File name: qweq.exe
Signature: RaccoonStealer
File size: 537'088 bytes
First seen: 2020-06-30 06:15:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fa9f01808c030db3867d07a097d454db
ssdeep: 12288:GvSfEgHe3IZNtVQVG23mrXHH4xVVu4Z9uH2tNHOBL:+RgHe40Ge0Y/V3c2tNuBL
TLSH: 7CB4F0033A908079D6674A7198628E544B3FFCE26670541FA7D8371E1E707E1AE3A36F
Reporter: @Jouliok
Tags: exe Raccoon RaccoonStealer


Mail intelligence: No data
# of uploads: 1
# of downloads: 22
Origin country: GB
CAPE Sandbox Detection: n/a
ClamAV: Win.Dropper.Vidar-8170701-0
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Kryptik
  First seen: 2020-06-26 12:20:47 UTC
  AV detection: 29 of 31 (93.55%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 10/10
  Malware Family: raccoon
  Tags: ransomware spyware discovery stealer family:raccoon
VirusTotal: VirusTotal results 76.39%

Yara Signatures

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 7470133d3007e06a3444978fa8d8fc9961eb153c3cafeefc1ab2da05b9fe2cae (this sample)

Delivery method: Distributed via web download