MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7
SHA3-384 hash: af3fa2f5581778a5a1817b5b507ca9bf2f24b229fc1db9ebeabc86f6077d18b51ef40ffdc26dafd6f26ff1d1c0e76590
SHA1 hash: ffe5e96e31592edc7832f1afd0fda9b0018a5547
MD5 hash: c3647b5ff116e48f825e0fe591ed8a53
humanhash: friend-shade-angel-white
File name:c3647b5ff116e48f825e0fe591ed8a53
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:172'032 bytes
First seen:2021-10-11 11:34:43 UTC
Last seen:2021-10-11 12:53:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ae1930ab190d7663a058f50c2e04145 (2 x RaccoonStealer, 1 x GuLoader)
ssdeep 3072:7VDbq+pIukAeL5MhR5zf9vKrDAwcw6pjKHmwNOw+SG:RDNleaj5T9vyD/cw6pyNNpG
Threatray 6'240 similar samples on MalwareBazaar
TLSH T1EDF305609A74FC26D09044F2BA6080FB9B6D2D30FC4516DBF6817F8A39FB7A16214797
File icon (PE):PE icon
dhash icon 5e5e9a1cc4a43902 (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c3647b5ff116e48f825e0fe591ed8a53
Verdict:
No threats detected
Analysis date:
2021-10-11 11:40:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/05be8950-eb68-4094-9c5a-b3f9302f4b39

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196598/
Detection(s):
SecuriteInfo.com.__vbaHresultCheckObj.18862.23647.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Link:
https://www.filescan.io/uploads/61642168fd35fe780c37e249/reports/6e3d2e39-9a93-4ec3-a48e-c95fd65d880a/overview
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/867959
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses dynamic DNS services
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-11 11:35:03 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bgpafpw25winzbo7vk4d4k6gl7cfz6pryuzjr6rucxi4py5qk7dq._file
Verdict:
malicious
Similar samples:
47046d5dfe7ecf45e4c31f25b975af78684f9727b91a7d052b5731e95d2f0a4c
RaccoonStealer
7afa7c7724abb034d3155e1e1fc1fd3f9961e56fd6119428d975d8aaee3070f9
RaccoonStealer
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
RaccoonStealer
9bdb2adacff9530fde8a0b020e84188b0b39995db62ba167608d8e2493bd3ee4
RaccoonStealer
ae83f208925ec791bd10f37e0cd1bfc98473ea586c4814288a243c7d579c2e55
RaccoonStealer
afc7d530c112b47cd33295262f533df60f12568ede477091434381b0d6a2cc8c
RaccoonStealer
bd6cf98ff23cdad2f5bb43bb60e61275d8ad1ad7baeb609aa0a812fc048fede0
RaccoonStealer
c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
RaccoonStealer
db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea
RaccoonStealer
+ 6'230 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/211011-np187shagr/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Unpacked files
SH256 hash:
49b04162c412105ab0857de16713724cbf3234a0b6ba51f3a5286312633f20c3
MD5 hash:
1f1b425190b2fb0396ad2d538b1060ba
SHA1 hash:
413f98641d46fdcabfcaf64f29495667de6282ea
Link:
https://www.unpac.me/results/99c2cf05-0bd2-4854-8dd0-8c60415d6782/
SH256 hash:
099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7
MD5 hash:
c3647b5ff116e48f825e0fe591ed8a53
SHA1 hash:
ffe5e96e31592edc7832f1afd0fda9b0018a5547
Link:
https://www.unpac.me/results/99c2cf05-0bd2-4854-8dd0-8c60415d6782/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 099e02bedaed90dc85dfaab83e2bc65fc45cf9f1c53298fa3415d1c7e3b057c7

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/196598/
  
URLhaus
https://urlhaus.abuse.ch/url/1597404/

Comments