MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8b4f035a0bfea78b46dcb6c904fa4ca84d7f758d2d5c749182e36d9f352a6b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara 2 Comments

SHA256 hash: d8b4f035a0bfea78b46dcb6c904fa4ca84d7f758d2d5c749182e36d9f352a6b1
SHA3-384 hash: 6aedb3443634930624ae9a4061f998c935e1082cc4ca45feef8c0ac3e1129e8d5d281bc647cafe1f0012133151298faf
SHA1 hash: 05b6d68e2ccee2ab13386e842660323770808e00
MD5 hash: 0a3446edafe9dcde7e03f0a3ccc9ea10
humanhash: ceiling-south-lake-kansas
File name:0a3446edafe9dcde7e03f0a3ccc9ea10.exe
Download: download sample
Signature RaccoonStealer
File size:847'424 bytes
First seen:2020-07-31 10:19:10 UTC
Last seen:2020-07-31 11:09:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 841c66fbfdd98c985cdefc826bf3e1b8
ssdeep 12288:uCf5QfVp4QWAdj0T1AmyeTqlK6NTCk66KAF8C0AoGnQtaVHQD6l:PWpJWYoty7lK6NGk66jZ0SnFHQD6l
TLSH C9058F2EB714DFA0D9C10CF88EB1C2D200FB95B61A0397D691AEA95134EFC7E913517A
Reporter @abuse_ch
Tags:exe RaccoonStealer


Twitter
@abuse_ch
RaccoonStealer C2:
http://34.65.10.107/gate/log.php

Intelligence


File Origin
# of uploads :
2
# of downloads :
28
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Signature
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-07-31 09:47:06 UTC
AV detection:
24 of 31 (77.42%)
Threat level
  5/5
Result
Malware family:
raccoon
Score:
  10/10
Tags:
ransomware spyware discovery stealer family:raccoon
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Modifies system certificate store
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Deletes itself
Raccoon
Raccoon log file
Threat name:
Malicious File
Score:
0.80

Yara Signatures


Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe d8b4f035a0bfea78b46dcb6c904fa4ca84d7f758d2d5c749182e36d9f352a6b1

(this sample)

  
Delivery method
Distributed via web download

Comments