MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 070c45432f832f1b39c1882b4f5ef8729343f24665b6b5a090ee775dbc116540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 070c45432f832f1b39c1882b4f5ef8729343f24665b6b5a090ee775dbc116540
SHA3-384 hash: 51b3302f8639463ff53bb7d8e2b0778c73e1c9faedf6b51fb17aebf5f2feddf5a9b507f78a94cb6a4773b70e07a7fc44
SHA1 hash: e4189d7659cfc556a82fb7e2953650f6af1d7575
MD5 hash: 0fed433a7063da2222fd37db3832e33e
humanhash: muppet-saturn-ohio-tennis
File name:0FED433A7063DA2222FD37DB3832E33E.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'076'224 bytes
First seen:2021-06-25 20:45:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1a648ebd2094332fd6fb5f72cf1c7971 (1 x FickerStealer, 1 x RaccoonStealer)
ssdeep 24576:IscqzDQhX1lerZ4v1acwAyXIrt2go5pvxM+Yy5X1IVeY27:I4ghQZ4tyA1r3o5ZxNX1IVeY
Threatray 1'313 similar samples on MalwareBazaar
TLSH 8535D127A2C19437D2B32E348CBB51A898357BCC2D25D88B6AD83F489F367513B72157
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.141.128.39/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://34.141.128.39/ https://threatfox.abuse.ch/ioc/153871/

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0FED433A7063DA2222FD37DB3832E33E.exe
Verdict:
Malicious activity
Analysis date:
2021-06-25 20:47:30 UTC
Tags:
trojan stealer raccoon
Link:
https://app.any.run/tasks/1854ca15-8bc3-431f-ac9e-2e4d04c6f393

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/168390/
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3e1df0e1-311a-4161-8533-39e966684bf8
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/808317
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/070c45432f832f1b39c1882b4f5ef8729343f24665b6b5a090ee775dbc116540/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-22 23:14:46 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a4gekqzpqmxrwoobravu6xxyokjuh4sgmw3llieq5z3v3parmvaa._file
Verdict:
malicious
Similar samples:
137026a259166724d41d797fc3a5fd8ba40c30e9eab4e71db7ab8ad54747a77a
RaccoonStealer
211360b0cb7bd4e1fa953a5452efd4e0e28f1917ba51ed4c2e6f6800ea86780f
RaccoonStealer
372e3f20168cb6280781e04db5b47a84c3496bde190343f4cb54a7e80c4a0c6e
RaccoonStealer
3bbc9dc239950316f60ce159afff3e7d7d1ea57c0feb1288a699da981662b9d5
RaccoonStealer
612e83248527b731211cc4161bf7c9bf3c15c59312725ef1285902558c3ceb70
RaccoonStealer
67ee0a1422563807cb5af36dd2527d3e96f5532f34020c0cdacb4325d31d77b0
RaccoonStealer
b46bcadf27236d47a847bf4d96e24db984c7f61485b0eec1f97ca1e3c3ac4079
RaccoonStealer
b82b210a1ead0d52042310991c59e3417ea2606f00591b7bd4440e8d23d31f88
RaccoonStealer
dd1dea95bf17e3f135d2740e87d8b9f08ccf347e4ff832b9e747f775017ff346
RaccoonStealer
e11501c9e16a2f69751da6f5d8d2e5ff3023eea48baf5008a197e20a2ffd66be
RaccoonStealer
+ 1'303 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/210625-w2887hk35n/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
070c45432f832f1b39c1882b4f5ef8729343f24665b6b5a090ee775dbc116540
MD5 hash:
0fed433a7063da2222fd37db3832e33e
SHA1 hash:
e4189d7659cfc556a82fb7e2953650f6af1d7575
Link:
https://www.unpac.me/results/42952d39-8df6-4f95-b07a-958f9fbc14e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/070c45432f832f1b39c1882b4f5ef8729343f24665b6b5a090ee775dbc116540

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/168390/

Comments