MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01409a8c1a4815214036cdac1796e2a6b680f7149b2117346a1f01b809a18754. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	01409a8c1a4815214036cdac1796e2a6b680f7149b2117346a1f01b809a18754
SHA3-384 hash:	dae99e236d07e9977cb8ea250380b7c98f9b685e390472217848029206c002d74a964689449e822fb8c418effc59a706
SHA1 hash:	83513d2a955e93b5d31e9111f13c80b36de5f683
MD5 hash:	3c3809accc5ee5fd508de64a02c62984
humanhash:	delaware-spring-four-quiet
File name:	3c3809accc5ee5fd508de64a02c62984.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	589'824 bytes
First seen:	2020-05-18 16:39:40 UTC
Last seen:	2020-05-18 17:54:35 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0c3b2bc5849dd06edfeff5392e8d1b8b (1 x RaccoonStealer, 1 x Gozi)
ssdeep	12288:aCcbOkh9KFMFLeA4BllDn7qsNlltDAEXlDmZbvMUrqC:aCiOkh5n4Bll/Nl/DAvbvMU2C
Threatray	348 similar samples on MalwareBazaar
TLSH	62C4122172A2C072C8F711320455ABA05B7DDDF26674A1CB2BBEDFBC6D201C05EBB596
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://34.105.255.170/gate/log.php

Intelligence

File Origin

# of uploads :

2

# of downloads :

95

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-18 15:45:39 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=afajvda2jakscqbwzwwbpfxcu23ib5yutmqrondkd4a3qcnbq5ka._file

Verdict:

malicious

Similar samples:

025d420ff6377113c978e8ae774aba4fa57aa750c76181f30ce9dff7e08060e8

07bfebe8d71ba6f9d0f0b05d40648777a4200a5811a1c6000f825c6d3e8246a4

1816556fa3a0df155987e973d599fb553684e315cf59bb1b8ea4bbcff95bdb24

1f057ca53fc065ca47ae62409af791cdd7c422a1080a4e4f7985987725ab9350

2c0fc1518735d0f354fbed168c2f96d51cfa0e0ebf2dac3f7179a0b5b462e5a9

70ec5843a563be04290314f543ed0369a822a71ee353008cda4a82346e341ff9

8092f7adff425c2972f2716e2d31fedb1057c692eb8f0d4ca65d1a97537932a7

885345d6e648c3ed211fcd7f23a0a4207b8f8f90226cf2dbd8325e8ec8e2ae80

accea9256a425eb64eb34ced6ae9e6090ce8117241df2d5e7d3e0a2ec5b232c9

beb2824122982ae356642d0d46c7fba54424687558a35df7e0b22263f9587332

+ 338 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-apy3smqcpj/

Behaviour

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 01409a8c1a4815214036cdac1796e2a6b680f7149b2117346a1f01b809a18754

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/364175/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/363091/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample