MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9edd7cee5010a9f5aa39bc0be68f8738fa6a537cafd5d07620be35f7126fb95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: a9edd7cee5010a9f5aa39bc0be68f8738fa6a537cafd5d07620be35f7126fb95
SHA3-384 hash: 76854a35151dd0ec62b9c24ea9a55e6f54bfe042fa847e8e7bcad4525a3da43fd8c1775fc0089af070160d63a8eecf0d
SHA1 hash: c7489db36974addcbb711aefb4d9c9a8475c45a6
MD5 hash: 22b0e4d2795842ca55381be2564911d5
humanhash: connecticut-zulu-summer-vermont
File name: A9EDD7CEE5010A9F5AA39BC0BE68F8738FA6A537CAFD5.exe
Signature: RaccoonStealer
File size: 552'448 bytes
First seen: 2021-08-13 23:56:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (235 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 12288:SjtSQJCeGEOfoSrkIit/qA7FAQuXfmZG9X6AxKQAk:SjtLA91f3kX/qZQuXf79K8KQA
Threatray: 1'804 similar samples on MalwareBazaar
TLSH: T115C4126045005C90F0648A32EF3E2EFF685691F1DDDE160A3B0EED4BDEFA5422A5391E
dhash icon: 96deeedec6f6dac2 (2 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://45.153.230.19/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://45.153.230.19/
ThreatFox Reference: https://threatfox.abuse.ch/ioc/185490/

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: A9EDD7CEE5010A9F5AA39BC0BE68F8738FA6A537CAFD5.exe
Verdict: Malicious activity
Analysis date: 2021-08-13 23:59:35 UTC
Tags: trojan stealer raccoon

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 92 / 100
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour: Behavior Graph (image not captured in this extract)
Threat name: Win32.Ransomware.StopCrypt
Status: Malicious
First seen: 2021-01-05 03:26:00 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:93f8b7c053c38cf658e833ccd257c4cb9233760d stealer upx
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Raccoon
Raccoon Stealer Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: b53e52f649a217c0934d4578d05d8650489bcc02a18d7d99030f73320c18724d
MD5 hash: e7eb5e5b3a52d9d3893eee2e341c9678
SHA1 hash: c5dd761902b71f658905ed79f5df1a8170433b18
Detections: win_raccoon_auto

SHA256 hash: f1a1dfc5171412f528d7c516cc726d05320ede0b4a551b016ad06733823f1cda
MD5 hash: 6fd35a2628da972f772812a05c88aa4f
SHA1 hash: 14d15766c812446cce7568ded8e05b46980ded8a

SHA256 hash: a9edd7cee5010a9f5aa39bc0be68f8738fa6a537cafd5d07620be35f7126fb95
MD5 hash: 22b0e4d2795842ca55381be2564911d5
SHA1 hash: c7489db36974addcbb711aefb4d9c9a8475c45a6

Please note that we are no longer able to provide a coverage score for VirusTotal.
