MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19e1615b05d89f0268b47c11407aa8023a65d704dadba3660557d81dd3e507cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

SHA256 hash: 19e1615b05d89f0268b47c11407aa8023a65d704dadba3660557d81dd3e507cb
SHA3-384 hash: 09590b1a58cc529339b13681a5a5c099416bd1183ee5393c3ce6c28d5baba42d3edbefc68c3fe73a0d4feb8fb81b59df
SHA1 hash: f243f980c6984198fa797be4e5124e1303ded32c
MD5 hash: 0781995cfad14127f39890b3d8394ff6
humanhash: mango-carolina-fix-july
File name: 19e1615b05d89f0268b47c11407aa8023a65d704dadba.exe
Signature: RaccoonStealer
File size: 565'248 bytes
First seen: 2021-09-14 04:55:29 UTC
Last seen: 2021-09-14 06:10:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 36c786286bbc25d8ee5ac2239b6c4c04 (4 x RaccoonStealer, 1 x Stop, 1 x RedLineStealer)
ssdeep: 12288:fBOK3JFYvKs9oXGPdIRDQ+Zd1cte/ZV+JGh:5LJFAG2P1+n8eRV+Yh
Threatray: 3'033 similar samples on MalwareBazaar
TLSH: T158C4E130BBA0C035E1B712F459BA97BCA52D39706F3451CB52E612EE56386E8DC3139B
dhash icon: e8e8e8e8aa66a499 (51 x RaccoonStealer, 27 x ArkeiStealer, 22 x RedLineStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://94.158.245.117/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox Reference
http://94.158.245.117/   https://threatfox.abuse.ch/ioc/221022/

Intelligence


File Origin
# of uploads: 2
# of downloads: 128
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 19e1615b05d89f0268b47c11407aa8023a65d704dadba.exe
Verdict: Malicious activity
Analysis date: 2021-09-14 04:57:33 UTC
Tags: trojan stealer raccoon loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Raccoon
Status: Malicious
First seen: 2021-09-14 04:56:09 UTC
AV detection: 18 of 44 (40.91%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon discovery spyware stealer
Behaviour
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SHA256 hash: 02ca51cfdba274d2df1c3ee291a6018dec004cce0012d0bea0e4406d5a060499
MD5 hash: 8edd8e914c197432324a0af09f8edf64
SHA1 hash: d6ad05102b8f628d3a7fe5646166086b59019f2d
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: 19e1615b05d89f0268b47c11407aa8023a65d704dadba3660557d81dd3e507cb
MD5 hash: 0781995cfad14127f39890b3d8394ff6
SHA1 hash: f243f980c6984198fa797be4e5124e1303ded32c
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments