MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 248d5af4e028cadedef29b580ab3a28d5d5d45086fbb99f248f7856761d50454. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 7



SHA256 hash: 248d5af4e028cadedef29b580ab3a28d5d5d45086fbb99f248f7856761d50454
SHA3-384 hash: 58ea0ffec5a71be0596d05c0fa7a8b78bdbaf27946a65eb41379b6dc25b9673db1b6a0faa78487796c29de7d8eaba966
SHA1 hash: 4edffbf72bfcd3b2f61a4d6a15003db9f6c6dfb7
MD5 hash: da6d00abea40739b694d4691746e62c2
humanhash: tennessee-lima-west-river
File name: da6d00abea40739b694d4691746e62c2.exe
Signature: RaccoonStealer
File size: 658'071 bytes
First seen: 2021-11-26 19:18:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5a498eee87e4d89512a84502f500181f (138 x AveMariaRAT, 57 x RedLineStealer, 7 x CoinMiner)
ssdeep: 12288:4ga/bpc9CMpK81wCGcvB2IX76J/iXZxy7QOciyCZxDlpkUjuRW:4//aCMpwCVQiE/EZxyR3rpJ4
TLSH: T1EDE43331AA60B129E48937B070A14CB33C64E3B53EFF7794FA98D64E871506E179EC94
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: da6d00abea40739b694d4691746e62c2.exe
Verdict: No threats detected
Analysis date: 2021-11-26 19:25:41 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Behaviour
Behavior Graph:
Threat name: Win32.Infostealer.Racealer
Status: Malicious
First seen: 2021-11-26 19:19:11 UTC
File Type: PE (Exe)
AV detection: 21 of 28 (75.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 248d5af4e028cadedef29b580ab3a28d5d5d45086fbb99f248f7856761d50454
MD5 hash: da6d00abea40739b694d4691746e62c2
SHA1 hash: 4edffbf72bfcd3b2f61a4d6a15003db9f6c6dfb7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 248d5af4e028cadedef29b580ab3a28d5d5d45086fbb99f248f7856761d50454

(this sample)

  
Delivery method
Distributed via web download
