MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7a350da4a5263ee182de850ccd69662e6162b8e3fa42ed089a89be10cecbc05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer

Vendor detections: 12

SHA256 hash: a7a350da4a5263ee182de850ccd69662e6162b8e3fa42ed089a89be10cecbc05
SHA3-384 hash: f952fb8e0a6b8ee5e4cf17f43623017a586f631b228b99c5cfadcdac1a3be10e0e68de1d67216a4d6e9c0b47a93f7020
SHA1 hash: a14364424796ac53fc3ff9c07c484910b8c8a068
MD5 hash: f814953dd1903ce502be57b6bed587c0
humanhash: bulldog-india-december-alanine
File name: A7A350DA4A5263EE182DE850CCD69662E6162B8E3FA42.exe
Signature: RaccoonStealer
File size: 556'032 bytes
First seen: 2021-08-13 07:57:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (235 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 12288:gstMt1/5e+puY12F9aEsxcT07mRlLV708I7xNk2R/:rC/k+J2F3X7Rn708qk2R/
Threatray: 1'753 similar samples on MalwareBazaar
TLSH: T1B8C412010D889BADE0D56AFD76BEEF1408A564606A417F213816C0FDAC357D06EDFECA
dhash icon: 96deeedec6f6dac2 (2 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://45.67.231.40/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://45.67.231.40/
ThreatFox Reference: https://threatfox.abuse.ch/ioc/184315/

Intelligence


File Origin
# of uploads:
1
# of downloads:
124
Origin country:
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
A7A350DA4A5263EE182DE850CCD69662E6162B8E3FA42.exe
Verdict:
Malicious activity
Analysis date:
2021-08-13 08:36:01 UTC
Tags:
trojan stealer raccoon

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj
Score:
88 / 100
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Ransomware.StopCrypt
Status:
Malicious
First seen:
2021-01-05 23:17:45 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
5/5
Result
Malware family:
raccoon
Score:
10/10
Tags:
family:raccoon botnet:5795f664a709e882ab1ab1029a85e1649f221474 stealer upx
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Raccoon Stealer Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash:
d83442236ac67294edde6a807cebe73d6bc545809864c04fae308b4461b5b645
MD5 hash:
4208485a9d57f831009fde7dc5dc4f13
SHA1 hash:
f8b35054e9ed7d84998ba44c56bd650ab19bbe01
Detections:
win_raccoon_auto
SHA256 hash:
8b5576ec01e617d309fdb42543da5251a126758e8aa5dff66ff64988141b872f
MD5 hash:
67e71e4ebdbabcf46904adbb0f16ccd9
SHA1 hash:
064307307e51a2ce6575f72062f642224140968f
SHA256 hash:
a7a350da4a5263ee182de850ccd69662e6162b8e3fa42ed089a89be10cecbc05
MD5 hash:
f814953dd1903ce502be57b6bed587c0
SHA1 hash:
a14364424796ac53fc3ff9c07c484910b8c8a068
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments