MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a118c1fa47b9b0d18fe7a808911335e3d265867e8331dd3d36cb6b33b405983. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara 2 Comments

SHA256 hash: 7a118c1fa47b9b0d18fe7a808911335e3d265867e8331dd3d36cb6b33b405983
SHA3-384 hash: 7fbd58ba7f7961d72d7b5b90d3f68b5afc98994a9ede5f08da9d898d41fb1abf5509f2aa759f3e9ceeec203d161f847b
SHA1 hash: 0d520ecd1c95c6bcb64c18f22f254c3e6e524d7b
MD5 hash: e5f1fe7a1a4f584f72d20e545171bd66
humanhash: pluto-utah-delaware-bulldog
File name:e5f1fe7a1a4f584f72d20e545171bd66.exe
Download: download sample
Signature RaccoonStealer
File size:847'424 bytes
First seen:2020-07-31 08:46:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 841c66fbfdd98c985cdefc826bf3e1b8
ssdeep 12288:gCf5QfVp4QWAdj0T1AmyeTqlK6NTCk66KAF8C0AoGnQtaVHQD6y:JWpJWYoty7lK6NGk66jZ0SnFHQD6y
TLSH DB058F2EB714DFA0D9C10CF88EB1C2D200FB95B61A0397D691AEA95134EFC7E913517A
Reporter @abuse_ch
Tags:exe RaccoonStealer


Twitter
@abuse_ch
RaccoonStealer C2:
http://34.65.10.107/gate/log.php

Intelligence


File Origin
# of uploads :
1
# of downloads :
28
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Creating a file
Reading critical registry keys
Deleting a recently created file
Delayed reading of the file
Running batch commands
Launching a process
Stealing user critical data
Sending an HTTP POST request to an infection source
Sending an HTTP GET request to an infection source
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Signature
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Infostealer.Racealer
Status:
Malicious
First seen:
2020-07-31 02:06:00 UTC
AV detection:
22 of 29 (75.86%)
Threat level
  5/5
Result
Malware family:
raccoon
Score:
  10/10
Tags:
ransomware stealer family:raccoon spyware discovery
Behaviour
Suspicious use of WriteProcessMemory
Modifies system certificate store
Delays execution with timeout.exe
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Deletes itself
Raccoon log file
Raccoon
Threat name:
Kryptik
Score:
1.00

Yara Signatures


Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 7a118c1fa47b9b0d18fe7a808911335e3d265867e8331dd3d36cb6b33b405983

(this sample)

  
Delivery method
Distributed via web download

Comments