MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3255394172556a89378c6a369e4d88fcd1992017cf1eeb7ee2794495758bf785. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: 3255394172556a89378c6a369e4d88fcd1992017cf1eeb7ee2794495758bf785
SHA3-384 hash: acc6659bfcb6c23cfa1cf439cefafd2b4e2c4bc60381ca4633ececf17a9ea9400ada10f17ba26b6c99dac627dfa87766
SHA1 hash: f5514b3e73c0a63f4cd3efc89d8a71f8d37ac14a
MD5 hash: a8cda44c860ff5d2063bd4e5dcf22bf1
humanhash: tennessee-equal-eight-single
File name: SecuriteInfo.com.W32.AIDetect.malware1.1078.8762
Signature: RaccoonStealer
File size: 506'368 bytes
First seen: 2021-09-18 01:06:06 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8771048b1c01475c23bc95fc636ac433 (7 x RaccoonStealer, 4 x RedLineStealer, 1 x DanaBot)
ssdeep: 12288:iTY3D0IvsjNwo+BHbSrHdVBUqd/MSOdDMA+uqa/:yY3d75SrF3cI
Threatray: 3'083 similar samples on MalwareBazaar
TLSH: T196B4F130A6A0C035F0BB12F855BA83A8A53E7EB15F7451CB92D765EE16386F89C30357
dhash icon: ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter: SecuriteInfoCom
Tags: exe RaccoonStealer
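The imphash line above is a pivot on the import table, not on the file bytes: the value is an MD5 over the normalised list of imported "module.function" names, so every binary built with the same packer or loader stub shares it even when the payload inside differs. That is the most likely reason this one imphash groups 7 RaccoonStealer samples with 4 RedLineStealer and 1 DanaBot sample: the shared loader is what is being matched, not the family. The Python below is an added example, not MalwareBazaar's or pefile's own code; it reimplements the pefile imphash convention (assumption: .dll/.ocx/.sys suffix stripped, everything lower-cased, import-table order preserved, ordinal imports written as ordN, with pefile's lookup of well-known ws2_32/wsock32/oleaut32 ordinals omitted) over constructed import tables rather than a parsed PE.

```python
import hashlib

# Extensions stripped from the module name before hashing. Assumption: this
# mirrors pefile.PE.get_imphash(); check against the pefile version you use.
IMPHASH_STRIP_EXTS = ("dll", "ocx", "sys")


def normalise_module(name):
    """Lower-case an imported module name and drop a .dll/.ocx/.sys suffix."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in IMPHASH_STRIP_EXTS:
        return base
    return name


def imphash_input(imports):
    """Return the comma-joined 'module.function' string that gets hashed.

    `imports` is an ordered list of (module_name, [function, ...]) in import
    table order; an int instead of a name is an import by ordinal and is
    written as 'ordN'. (pefile first resolves well-known ordinals of
    ws2_32/wsock32/oleaut32 to names; that table is omitted here.)
    """
    parts = []
    for module, funcs in imports:
        mod = normalise_module(module)
        for func in funcs:
            label = "ord%d" % func if isinstance(func, int) else func.lower()
            parts.append("%s.%s" % (mod, label))
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalised import list (the 'imphash' field)."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def same_loader(imports_a, imports_b):
    """True when two import tables hash identically: same stub, whatever the payload."""
    return imphash(imports_a) == imphash(imports_b)


# Constructed import tables (not parsed from this sample). A packer stub
# usually imports only what it needs to map the payload and jump to it.
PACKER_STUB = [
    ("KERNEL32.DLL", ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect"]),
    ("USER32.dll", ["MessageBoxA"]),
]
# Same stub with different name casing and no extension on user32: same imphash.
PACKER_STUB_RECASED = [
    ("kernel32.dll", ["loadlibrarya", "getprocaddress", "virtualalloc", "virtualprotect"]),
    ("user32", ["messageboxa"]),
]
# Same imports in a different table order: different imphash (order is hashed).
PACKER_STUB_REORDERED = [
    ("USER32.dll", ["MessageBoxA"]),
    ("KERNEL32.DLL", ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect"]),
]
# Import by ordinal from a module for which pefile carries no ordinal name table.
ORDINAL_STUB = [("SHLWAPI.dll", [12])]


if __name__ == "__main__":
    for label, table in [("stub", PACKER_STUB), ("recased", PACKER_STUB_RECASED),
                         ("reordered", PACKER_STUB_REORDERED), ("ordinal", ORDINAL_STUB)]:
        print("%-10s %s  %s" % (label, imphash(table), imphash_input(table)))
    print("recased shares loader:", same_loader(PACKER_STUB, PACKER_STUB_RECASED))
    print("reordered shares loader:", same_loader(PACKER_STUB, PACKER_STUB_REORDERED))
```

To check a real file, feed the (module, names) list from pefile's DIRECTORY_ENTRY_IMPORT into imphash(), or simply compare pe.get_imphash() with the value on this page. Treat a match as evidence of a shared loader and corroborate with the ssdeep/TLSH neighbours and the YARA result before assigning a family.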

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://194.180.174.95/
ThreatFox reference: https://threatfox.abuse.ch/ioc/223257/
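The C2 URL above is the one network IOC this entry carries. Sweeping logs for it is mostly a normalisation problem: the IOC is a URL, proxy and connection logs record a destination host and port, and the port a stealer's C2 answers on can change between builds while the IP stays. The Python below is an added example, not part of this entry or of ThreatFox; the log format and the log lines are constructed for the illustration, and flagging a host match on an unexpected port as "host-only" is a design choice of the example.

```python
from urllib.parse import urlsplit

# C2 IOC carried by this entry (ThreatFox 223257).
C2_IOCS = ["http://194.180.174.95/"]

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_url_ioc(ioc):
    """Return (host, port) for a URL IOC, using the scheme's default port if none is given."""
    u = urlsplit(ioc)
    return u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)


def ioc_table(iocs):
    """Map host -> set of expected ports for a per-line lookup."""
    table = {}
    for ioc in iocs:
        host, port = parse_url_ioc(ioc)
        table.setdefault(host, set()).add(port)
    return table


# Constructed proxy log (not from the sandbox run). Whitespace-separated fields:
# timestamp src_ip dst_host dst_port method path
SAMPLE_LOG = """\
2021-09-18T01:09:41Z 10.0.0.23 update.example.org 443 GET /ok
2021-09-18T01:10:02Z 10.0.0.23 194.180.174.95 80 POST /
2021-09-18T01:10:09Z 10.0.0.23 194.180.174.95 8080 POST /
2021-09-18T01:10:15Z 10.0.0.42 194.180.174.95 80 GET /file
2021-09-18T01:11:00Z 10.0.0.23 203.0.113.7 80 GET /index.html
"""


def match_log(log_text, iocs=C2_IOCS):
    """Return [(line, kind)] for lines whose destination host is in the IOC set.

    kind is 'exact' when host and port both match, 'host-only' when the host
    matches on a different port (still worth a ticket: C2 ports change between
    builds more often than the address does).
    """
    table = ioc_table(iocs)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip malformed or partial lines rather than abort the sweep
        dst_host, dst_port = fields[2].lower(), int(fields[3])
        if dst_host in table:
            kind = "exact" if dst_port in table[dst_host] else "host-only"
            hits.append((line, kind))
    return hits


def affected_sources(hits):
    """Distinct source IPs that contacted the C2, for scoping the incident."""
    return sorted({line.split()[1] for line, _ in hits})


if __name__ == "__main__":
    found = match_log(SAMPLE_LOG)
    for line, kind in found:
        print(kind.ljust(9), line)
    print("hosts to triage:", ", ".join(affected_sources(found)))
```

Add the ThreatFox export for the whole Raccoon family to C2_IOCS rather than this one URL when sweeping for real; the table lookup stays constant-time per line however many entries it holds.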

Intelligence


File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.1078.8762
Verdict:
Malicious activity
Analysis date:
2021-09-18 01:08:22 UTC
Tags:
trojan stealer raccoon loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Malware family:
Raccoon Stealer
Verdict:
Malicious
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Threat name:
Win32.Trojan.RedlineStealer
Status:
Malicious
First seen:
2021-09-18 01:07:05 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Result
Malware family:
raccoon
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Behaviour
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SHA256 hash:
02ca51cfdba274d2df1c3ee291a6018dec004cce0012d0bea0e4406d5a060499
MD5 hash:
8edd8e914c197432324a0af09f8edf64
SHA1 hash:
d6ad05102b8f628d3a7fe5646166086b59019f2d
Detections:
win_raccoon_auto
Parent samples:
SHA256 hash:
3255394172556a89378c6a369e4d88fcd1992017cf1eeb7ee2794495758bf785
MD5 hash:
a8cda44c860ff5d2063bd4e5dcf22bf1
SHA1 hash:
f5514b3e73c0a63f4cd3efc89d8a71f8d37ac14a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RaccoonStealer
File type: Executable exe
SHA256 hash: 3255394172556a89378c6a369e4d88fcd1992017cf1eeb7ee2794495758bf785 (this sample)
