MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181
SHA3-384 hash: d300cceb4882f78e92be8808336396560f1b128dbae73ca8471ce8e16063bc27935cbb05e01be7b0705dc654f39fd941
SHA1 hash: cf15043518df3306562dee1fa5fb3eb4bb1a06e4
MD5 hash: c29a42ae9f3a44e8b7358e9b8fcd46e5
humanhash: nine-grey-don-carpet
File name:c29a42ae9f3a44e8b7358e9b8fcd46e5.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:7'258'624 bytes
First seen:2022-07-14 06:20:34 UTC
Last seen:2022-07-15 04:09:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0901266657d602fff9c7d9a865574642 (16 x RecordBreaker, 2 x RaccoonStealer)
ssdeep 196608:eo88pwOjS9wfMJ/0LClxvZ+9GsT5DxVWpa:D8awOu93sOlxhwGP0
Threatray 31 similar samples on MalwareBazaar
TLSH T1AE7623232210B191D8E5CA318D3BFEA471F6033D9A419C7DA9C77ED628722F59253B87
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 70c08e8e8e8ef871 (1 x RaccoonStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
3
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/288449/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.18259.16553.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Stealing user critical data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62cfb6253ec0b06899787c8d/reports/e95539da-9d69-4d6e-aea8-d41dc020e07e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6ffc1375-d1b3-4575-a747-fa45579f13e5
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1031861
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-07-13 19:07:38 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
24 of 41 (58.54%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bd7qlr6v5iniwsxz2qg65scnk2yxrqcd4odbgcaxekldmz7qugaq._file
Verdict:
unknown
Similar samples:
03626471a65baf211f2110cd91e52b9e44524780e042a473cd09d864d9af20a0
RaccoonStealer
06cd1b17015926da3c902f7b67e130054e9170f355a1cdf1274ddc955f4152ee
RaccoonStealer
0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256
RaccoonStealer
40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273
RaccoonStealer
462d28d7f7f0ceb1a2e5f59f8dbf5f1650e4370a0edc8faccfad3ebac73baafc
RaccoonStealer
6887d3d4d5baa135418c2305915c56b448960d03c427f6c63c430465ddaa6547
RaccoonStealer
78b811d0d4031e590324cc4892780f4caa5bb94dc92bbc04f8ea2dc254ac5c8b
RaccoonStealer
960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63
RaccoonStealer
c6d4500d19092b123a80369430e15d353a49b628e28f8f6ecab46809e8ac8938
RaccoonStealer
e8e4a4c7c5c593136058722cabe2d42631feffde95d923f5fd7020b0c7286f22
RaccoonStealer
+ 21 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/220714-g4ev7acge9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
3a548fbb59a18f54c80c44be6338cd51394975ea97ff3d8f38519351f9782958
MD5 hash:
98bc51b9c14c9b3d470e2dc63089a74c
SHA1 hash:
122cc99264630270710b174cda08f4025ae5bbb7
Link:
https://www.unpac.me/results/2eb5da76-1ff2-4ca5-a497-86da3c9f95b1/
SH256 hash:
08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181
MD5 hash:
c29a42ae9f3a44e8b7358e9b8fcd46e5
SHA1 hash:
cf15043518df3306562dee1fa5fb3eb4bb1a06e4
Link:
https://www.unpac.me/results/2eb5da76-1ff2-4ca5-a497-86da3c9f95b1/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/08ff05c7d5ea/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2257207/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/288449/

Comments