MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b68bc5c0df6f79fc25b191dc85bf3b5d9c3e2c9b77a3b64fe258d81cfe7169e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 6

SHA256 hash: 0b68bc5c0df6f79fc25b191dc85bf3b5d9c3e2c9b77a3b64fe258d81cfe7169e
SHA3-384 hash: ef32c2fe46bff4ea8713868a028ddd8312cb72481f94e66811569e6e021c00436099a98452799f57cfb08834b08a05b6
SHA1 hash: 03d6a1bd12f31c2cd8ac5fda39874c0a9a8824f8
MD5 hash: 741de7d4a541c817d07dfa96dbd009f7
humanhash: bacon-fix-oklahoma-lemon
File name: agzdky.dll
Signature: RaccoonStealer
File size: 1'523'528 bytes
First seen: 2021-08-31 07:20:11 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 2f6217462053e82b91e7da21a09bb2f3 (1 x RaccoonStealer)
ssdeep: 24576:frvaO9B+6xbSRtIq7Xs5IhyCdAUhgbBzY+rbPUoXjMs3neFoLGoZ:friEbxbeIq7XiPCd6bBzBfswl3eqLG2
Threatray: 2'636 similar samples on MalwareBazaar
TLSH: T1A365E0223AA5C0D1C80C6D39ED91CCCAA548BC356DB9B55B7EF03F2F62B3591984C19B
Reporter: JAMESWT_WT
Tags: CODE - HANDLE s. r. o., dll, RaccoonStealer, signed

Code Signing Certificate

Organisation: CODE - HANDLE, s. r. o.
Issuer: Sectigo Public Code Signing CA R36
Algorithm: sha384WithRSAEncryption
Valid from: 2021-08-23T00:00:00Z
Valid to: 2022-08-23T23:59:59Z
Serial number: 54c793d2224bdd6ca527bb2b7b9dfe9d
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 95b04eaf3ebdef5f7475e2fdebccd42a7a4869eb89b8e2ce2484af5225ea04b2
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 72 / 100
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour

Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2021-08-29 01:07:11 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 14 of 46 (30.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: spyware stealer
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Unpacked files
SHA256 hash: 618f1235b0dfa9b803a91fb5e41c7b9ef3465940d5521da5781f3686c5eada43
MD5 hash: 863128cbb6bb9057e22ce0c3078018ce
SHA1 hash: d7396e543b7860323edbcc68cd39d3127f623614
Detections: win_raccoon_a0 win_raccoon_auto
SHA256 hash: 0b68bc5c0df6f79fc25b191dc85bf3b5d9c3e2c9b77a3b64fe258d81cfe7169e
MD5 hash: 741de7d4a541c817d07dfa96dbd009f7
SHA1 hash: 03d6a1bd12f31c2cd8ac5fda39874c0a9a8824f8

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.raccoon.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments