MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 025d420ff6377113c978e8ae774aba4fa57aa750c76181f30ce9dff7e08060e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: 025d420ff6377113c978e8ae774aba4fa57aa750c76181f30ce9dff7e08060e8
SHA3-384 hash: da35543a11f81ed8987e2eced939f11981012a208efb05c10ee2e34664ae8b5e6d7f36ae969228ecc1cff3f357559f2f
SHA1 hash: e470880a9d5ed37ac6696ed961c8b6df339c685d
MD5 hash: 80fa79c3f2b8b124f5d005bb5b22fce7
humanhash: pluto-enemy-yankee-charlie
File name: 80fa79c3f2b8b124f5d005bb5b22fce7.exe
Signature: RaccoonStealer
File size: 596'992 bytes
First seen: 2020-05-18 07:17:56 UTC
Last seen: 2020-05-18 08:22:56 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 59c9951075648745f5e0ce8a58c08d3f (2 x RaccoonStealer)
ssdeep: 12288:lf+C2LQZxcLexkC8j75/upjIvqGiGJZgjUjaD34LJmITBdlgSbYAEO:lf+C20HcL8kCgl/utIdAYjaD34LJmIll
Threatray: 214 similar samples on MalwareBazaar
TLSH: 4EC412E1B291FC3AC1B20170A438E6A02A7B7D211B55924B7B593FAE3F302917F76157
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://34.105.255.170/gate/log.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-18 07:35:40 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 025d420ff6377113c978e8ae774aba4fa57aa750c76181f30ce9dff7e08060e8

(this sample)

Delivery method: Distributed via web download
