MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d6a2c000a65290f3a6cae16c26fe29589795065ad4aeb9d5548efd900969f9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 10

Intelligence 10 IOCs 2 YARA File information Comments

SHA256 hash:	2d6a2c000a65290f3a6cae16c26fe29589795065ad4aeb9d5548efd900969f9d
SHA3-384 hash:	c76165c4a6022c22de4592b1cf3580136dbf223eb2b7b6e91c618cc3a437bd997bb4b109b2a16e29103203109116aaad
SHA1 hash:	705f30fd5a69aaa515d184a415de2bcdb739e0f8
MD5 hash:	f466b9e58cb30856bf9c7bf87d5d0394
humanhash:	carpet-don-glucose-salami
File name:	f466b9e58cb30856bf9c7bf87d5d0394.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	243'712 bytes
First seen:	2022-02-04 08:25:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f475ca0986fe34ed2b7116546d5970ae (2 x RedLineStealer, 1 x RaccoonStealer, 1 x Smoke Loader)
ssdeep	3072:N86JM8HRRTvELjET4xvXziVpW5yus9YbcrxicL11OHUSXWD:Nvq8HrTELJxvXzi5uXexicL1oUH
TLSH	T19F34AE313A80C6F2F4C615309425CFA15BFBF8715AA4814B77E83BAE6F703E09666356
File icon (PE):
dhash icon	367e7c7f767e6e76 (4 x RedLineStealer, 1 x RaccoonStealer, 1 x Stop)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://91.219.236.18/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://91.219.236.18/	https://threatfox.abuse.ch/ioc/378337/
http://2.56.59.26/dima/index.php	https://threatfox.abuse.ch/ioc/379269/

Intelligence

File Origin

# of uploads :

# of downloads :

224

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/232881/

Detection(s):

Win.Malware.Generic-9938273-0

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5918/overview

Behaviour

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/61fcea296d25ac9e7904b426/reports/cbf71615-2bd7-415b-8a21-dc1ce7f03047/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/39dfd207-9e8b-4ab4-9896-c9bc6580ed6a

Result

Threat name:

SmokeLoader

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/934325

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

Win32.Trojan.Smokeloader

Status:

Malicious

First seen:

2022-02-04 08:26:08 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fvvcyaakmuuq6otmvylme37cswexsudfvvfoxhkvjdx5saewt6oq._file

Result

Malware family:

smokeloader

Score:

10/10

Tags:

family:smokeloader backdoor trojan

Link:

https://tria.ge/reports/220204-kbvbysfgd3/

Behaviour

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Deletes itself

SmokeLoader

Malware Config

C2 Extraction:

http://host-data-coin-11.com/
http://file-coin-host-12.com/

Unpacked files

SH256 hash:

721d393191597d49d856baef2fbde75e48f52d0465e2cfabf1a41848b0e05589

MD5 hash:

b984a027c8a2abf874f3eb306a831613

SHA1 hash:

d3b3f8890adc840b0bd411cf304eef15d415ed48

Link:

https://www.unpac.me/results/6c426691-4edb-42db-8537-fdf6b132d4b9/

Parent samples :

fb9b41efdc7c2d9e8cfda4be223831a9d2f4d21366759da64e04bbbb9e662766
bc9d49f4f0d51c57b34515616d5e6a23a37fec03f8884d8305db0806bd6138fc
ecb96fec4db4a1eecef04c8ef12b260bb419407111c1263664749481b7fa5387
98c920233869ce802fb4722f982fc1a8c2461e2a01ea4a619a9532a660acf285
2fde1682e006e27b2deb49595ab3baf37a836577fbe9efdfae59d4b6b682d8b7
2374069183727dd5904a26027c80032f30dcff60d25019578876c0b37fa9c224
bd3030832602591f05fe01ef11feaa3b9fe776b2a184eb454f02cae3ab73340b
a0f15f4665835bb7f3b07d5e96d2b08af8e88614c9b22fc9fff86f4f60ee1a8e
c91dec1cd5b97079481c76d5d597dde67b60c301ea900eab7db99776d52b465a

SH256 hash:

2d6a2c000a65290f3a6cae16c26fe29589795065ad4aeb9d5548efd900969f9d

MD5 hash:

f466b9e58cb30856bf9c7bf87d5d0394

SHA1 hash:

705f30fd5a69aaa515d184a415de2bcdb739e0f8

Link:

https://www.unpac.me/results/6c426691-4edb-42db-8537-fdf6b132d4b9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2d6a2c000a65290f3a6cae16c26fe29589795065ad4aeb9d5548efd900969f9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe 2d6a2c000a65290f3a6cae16c26fe29589795065ad4aeb9d5548efd900969f9d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2020731/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2013897/

Cape

https://www.capesandbox.com/analysis/232881/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample