MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 8

SHA256 hash: 0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae
SHA3-384 hash: 42e63258aa88fd9689efe5b264d2c17a8a9fdaf32f4944c8afe03acbcb930d6dbe95fb5a8cc4b24ab087ef1ce6dc4b3c
SHA1 hash: 280c07c3157e28d3c0b2b452815b30191a367181
MD5 hash: 310a2b89168904f4976dc2505762c3af
humanhash: lamp-illinois-mountain-xray
File name: Scan2022-02-18_132844-64.xll
Signature: RaccoonStealer
File size: 567'808 bytes
First seen: 2022-02-23 15:28:44 UTC
Last seen: 2022-04-20 09:47:03 UTC
File type: Excel file xll
MIME type: application/x-dosexec
imphash: a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep: 12288:Qn/zDvGHAykH8vLW/4+8bzbBSreMdHBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqw:CzbGHAzHKjX1IBY4ZyrE7K3yl8PeVoo/
Threatray: 57 similar samples on MalwareBazaar
TLSH: T10CC48E57F7DBFAB0E6BE827A86F1851C527774620260A78F664072886D23392453DF0F
Reporter: abuse_ch
Tags: RaccoonStealer xll

Intelligence

File Origin
# of uploads: 6
# of downloads: 265
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: Office Add-Ins - Suspicious
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Sonbokli
Status: Malicious
First seen: 2022-02-23 15:29:13 UTC
File Type: PE+ (Dll)
Extracted files: 2
AV detection: 9 of 27 (33.33%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:39f537df21b7478b81f438da338d46671782b9a4 stealer suricata
Behaviour:
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Raccoon
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments