MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d54e0a38b0f02e204233f6a842d765fc7efb0e72f35302493e60bcdfd841a17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: 2d54e0a38b0f02e204233f6a842d765fc7efb0e72f35302493e60bcdfd841a17
SHA3-384 hash: f1f0d390678bbc3343cf93e22a3d588bd90c2c4b02745c51271a08da6abf183b1a1bbdceea75726c435949fdb8e1f486
SHA1 hash: 5867a7137b4346ab95587fb84d2076411675a438
MD5 hash: 6ac97f2adaad0b92fa522d9bef189ae4
humanhash: hot-west-kilo-sink
File name: 6ac97f2adaad0b92fa522d9bef189ae4.exe
Signature: RaccoonStealer
File size: 480'256 bytes
First seen: 2021-08-14 06:59:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b09961d8006e7ff4bbe247dfce906b36 (5 x RaccoonStealer, 3 x RedLineStealer, 2 x Smoke Loader)
ssdeep: 6144:xHLH0vFx4P+rvMGF63MBjMTeAs8nkC26n+W0Z90kOgqtn/SV1yCxD5/mORO5Ci:ZwvFx4IU9cBOeT96+HZDOUV8CyO7i
Threatray: 3'984 similar samples on MalwareBazaar
TLSH: T12DA401D179A3E5BEC194EDF008B0D379237568214A11854F629C3F6A2A3B2E342FE3D5
dhash icon: 48b9b2b0e8c38890 (13 x RaccoonStealer, 5 x RedLineStealer, 3 x Glupteba)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 168
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 6ac97f2adaad0b92fa522d9bef189ae4.exe
Verdict: Malicious activity
Analysis date: 2021-08-14 07:16:34 UTC
Tags: trojan stealer raccoon loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 96 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2021-08-13 20:33:36 UTC
AV detection: 19 of 43 (44.19%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:93d3ccba4a3cbd5e268873fc1760b2335272e198 discovery spyware stealer
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 5dca9ace1e4653b9ecf1230d82ac264a95cedc3cae84293dab0c27aed4bc61ce
MD5 hash: 957f1f62f315614de9ae470d59cdc704
SHA1 hash: 005b508e4cf798e180c7b92c7061ed3f3ead0d42
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: 2d54e0a38b0f02e204233f6a842d765fc7efb0e72f35302493e60bcdfd841a17
MD5 hash: 6ac97f2adaad0b92fa522d9bef189ae4
SHA1 hash: 5867a7137b4346ab95587fb84d2076411675a438
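The hashes above identify two artifacts: the submitted dropper and the Raccoon payload the sandbox unpacked from it. The following script, added here as an example and not MalwareBazaar code, streams a local file through MD5, SHA1, SHA256 and SHA3-384, tells you which of the two listed samples (if either) it is, and flattens the entry into blocklist lines. The only values it relies on are the digests printed on this page; the file path and the `ENTRY_IOCS` structure are this example's own. It treats a SHA256 match as conclusive and keeps MD5/SHA1 only for cross-referencing feeds that still key on them; imphash, ssdeep and TLSH are not computed because they need the `pefile`, `ssdeep` and `tlsh` packages rather than the standard library.

```python
"""Check a local file against the hashes in this MalwareBazaar entry.

Added example, not MalwareBazaar's own code. Hash values are copied from
the entry; everything else (structure, names, CLI) is this example's own.
"""
import hashlib
import sys
from typing import Dict, List, Optional

# Digests from the entry: the submitted sample ("parent") and the payload
# the sandbox unpacked from it ("unpacked"). Lowercase hex, as on the page.
ENTRY_IOCS: Dict[str, Dict[str, str]] = {
    "parent": {
        "sha256": "2d54e0a38b0f02e204233f6a842d765fc7efb0e72f35302493e60bcdfd841a17",
        "sha1": "5867a7137b4346ab95587fb84d2076411675a438",
        "md5": "6ac97f2adaad0b92fa522d9bef189ae4",
        "sha3_384": "f1f0d390678bbc3343cf93e22a3d588bd90c2c4b02745c51271a08da6abf183b"
                    "1a1bbdceea75726c435949fdb8e1f486",
    },
    "unpacked": {
        "sha256": "5dca9ace1e4653b9ecf1230d82ac264a95cedc3cae84293dab0c27aed4bc61ce",
        "sha1": "005b508e4cf798e180c7b92c7061ed3f3ead0d42",
        "md5": "957f1f62f315614de9ae470d59cdc704",
    },
}

# hashlib names for the algorithms the entry lists (sha3_384 is the page's SHA3-384).
ALGOS = ("md5", "sha1", "sha256", "sha3_384")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of an in-memory buffer for every algorithm in ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all hashers at once so large samples never sit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_listed_sample(hashes: Dict[str, str],
                     iocs: Dict[str, Dict[str, str]] = ENTRY_IOCS) -> Optional[str]:
    """Return the label ('parent' / 'unpacked') whose SHA256 matches, else None.

    SHA256 alone decides; a lone MD5 or SHA1 hit is not trusted because both
    algorithms have practical collision attacks.
    """
    for label, expected in iocs.items():
        if hashes.get("sha256", "").lower() == expected["sha256"]:
            return label
    return None


def match_entry(hashes: Dict[str, str],
                iocs: Dict[str, Dict[str, str]] = ENTRY_IOCS) -> Dict[str, Dict[str, List[str]]]:
    """Per listed sample, which algorithms agreed and which did not.

    Useful when a feed gives you only an MD5 or SHA1: a partial agreement
    (e.g. MD5 matches, SHA256 does not) is a signal to look closer, not a verdict.
    """
    report: Dict[str, Dict[str, List[str]]] = {}
    for label, expected in iocs.items():
        matched = [a for a, v in expected.items() if hashes.get(a, "").lower() == v]
        mismatched = [a for a in expected if a not in matched]
        report[label] = {"matched": matched, "mismatched": mismatched}
    return report


def blocklist_lines(iocs: Dict[str, Dict[str, str]] = ENTRY_IOCS) -> List[str]:
    """Flatten the entry into sorted 'algo:hex' lines for an EDR or proxy blocklist."""
    return sorted(f"{algo}:{value}"
                  for expected in iocs.values()
                  for algo, value in expected.items())


if __name__ == "__main__":
    # Usage: python check_sample.py <file>   (path is whatever you supply)
    if len(sys.argv) != 2:
        print(__doc__)
        print("\n".join(blocklist_lines()))
        sys.exit(2)
    digests = hash_file(sys.argv[1])
    for name, value in digests.items():
        print(f"{name:9s} {value}")
    label = is_listed_sample(digests)
    print("verdict:", f"matches listed sample '{label}'" if label else "not a sample from this entry")
    for sample, outcome in match_entry(digests).items():
        print(f"  {sample}: matched={outcome['matched']} mismatched={outcome['mismatched']}")
    sys.exit(0 if label else 1)
```

Run it against a downloaded copy of the sample (or anything dropped by it) to confirm you are looking at the same bytes the vendors analysed; with no argument it just prints the blocklist lines. The exit code is 0 only on a SHA256 match, so the script can gate an automated pipeline.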
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: RaccoonStealer
File type: Executable exe
SHA256 hash: 2d54e0a38b0f02e204233f6a842d765fc7efb0e72f35302493e60bcdfd841a17 (this sample)