MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b894523c9beb2e22e87d705de2f9f48a907f82a2cd9c55c3dc0c1ca186fcef20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 3


Intelligence 3 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b894523c9beb2e22e87d705de2f9f48a907f82a2cd9c55c3dc0c1ca186fcef20
SHA3-384 hash: b6276989dcd0f37f70f818f7f479f313763bd7f961db4c2572f9359ff8ed0a6127fcf06fad3b1080abf7af7189b533bc
SHA1 hash: 6d25c55ddbdcc09ea2761fbc47045a211d742365
MD5 hash: e3778e3fcbdbd7f589f1022678973b58
humanhash: emma-texas-arizona-table
File name:e3778e3fcbdbd7f589f1022678973b58.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:151'552 bytes
First seen:2020-05-28 14:36:21 UTC
Last seen:2020-05-28 18:18:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6e986685fd987a68a3e2046e070b545b (1 x RaccoonStealer)
ssdeep 1536:4mKsvAdn+/otC171+Powk+EQki6QNKHDfVD8S:bI+wMioB+bUQEjfD
Threatray 774 similar samples on MalwareBazaar
TLSH 50E37312B9D9AC3DD59A3AF15C88699A2A063C10BF0017EF11D5FBBD72364E16C71B0B
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.107.4.68/gate/log.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.jm0@Fqdkcjli.17792.4800.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:44:25 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
RaccoonStealer
31c29b9b1cee6db4cf305b1e74026561898466f13531fea132a8d4978db9e843
RaccoonStealer
399d5e3dd01fd470db08113b9381829fe9c0b9bb5626ea98d53a462c25cd803d
RaccoonStealer
476bb9c473787445f22e5a80de8a48d0bb273817f0d25bec1c491f6fde8b1770
RaccoonStealer
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
RaccoonStealer
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
RaccoonStealer
8e8c9171f64a457ec20c222a545fece4a897e08b1863e5c8f3c2a0086b5fbff5
RaccoonStealer
9eb3b45e80a9c2a6961a24c2955cf11fb51fac3416cb1eaa8e5f26164c00d39f
RaccoonStealer
a7187cba00f1ecf7d0ce8758c9376610eb513869152e7b4bd28e711f6b440053
RaccoonStealer
d335fad41e3f9b09effaf617e6c56554b667191c9c94f4b644a15b396408858b
RaccoonStealer
+ 764 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-aj8nxhrcyn/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_netwire_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe b894523c9beb2e22e87d705de2f9f48a907f82a2cd9c55c3dc0c1ca186fcef20

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371183/
  
Delivery method
Distributed via web download

Comments