MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ee261129b9e2370a045116534b6d9669c8b2d9315ba2f1a9124888a60bc5acf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 14



SHA256 hash: 1ee261129b9e2370a045116534b6d9669c8b2d9315ba2f1a9124888a60bc5acf
SHA3-384 hash: d2c5edbb513115959eb0a8f1fadc2fccb6f644ead1a5c1fe02d8d8a4aa63675cadcdd3eeea520e4aa3f8f68d125abd8d
SHA1 hash: 737686816b88d96fa63edfd916da29d882f8ea55
MD5 hash: 80ea5601dfddd352cad47e20c2e77f86
humanhash: tango-paris-diet-zebra
File name: 80ea5601dfddd352cad47e20c2e77f86
Signature RaccoonStealer
File size: 602'112 bytes
First seen: 2022-01-18 00:33:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 6d8809088101df222b4da2c9c6c93c39 (2 x RedLineStealer, 2 x RaccoonStealer, 1 x Loki)
ssdeep 12288:iHlOgMY0jVVDun8TVELDS9U9m6Y/PvyLjBE07qoarfXnsH2J/MfW+1mD:aPMYsVun8TVELO9U9m6YfyJE07AbXsHM
Threatray 5'948 similar samples on MalwareBazaar
TLSH T145D4CF00A790D039F6F722F449BAA3A8753EBAF1572451CB62D516EE97346E0ED3130B
dhash icon 2dec1378399b9b91 (25 x Smoke Loader, 22 x RedLineStealer, 7 x RaccoonStealer)
Reporter zbetcheckin
Tags: 32 exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 224
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 80ea5601dfddd352cad47e20c2e77f86
Verdict: Malicious activity
Analysis date: 2022-01-18 01:04:10 UTC
Tags: trojan stealer raccoon

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating synchronization primitives
Sending an HTTP GET request
DNS request
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: cybergate greyware mikey packed racealer
Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Ransomware.StopCrypt
Status: Malicious
First seen: 2022-01-17 19:47:20 UTC
File Type: PE (Exe)
Extracted files: 28
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:628dbe616eb46c5e66398ea6a12fa931e1f38eaf stealer
Behaviour
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Raccoon
Unpacked files
SHA256 hash: 6def4f5419e4cc709f1b496834a6bb3c67d71dcb082d0dcf22859b4418b9eb89
MD5 hash: bc11f5bff1d54e02ba53ee76d13bf886
SHA1 hash: 6225b8a2f5794f68591ffa6c59cbbe7e34451226
Detections: win_raccoon_auto
SHA256 hash: 1ee261129b9e2370a045116534b6d9669c8b2d9315ba2f1a9124888a60bc5acf
MD5 hash: 80ea5601dfddd352cad47e20c2e77f86
SHA1 hash: 737686816b88d96fa63edfd916da29d882f8ea55
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 1ee261129b9e2370a045116534b6d9669c8b2d9315ba2f1a9124888a60bc5acf

(this sample)

  
Delivery method
Distributed via web download
