MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b
SHA3-384 hash: 98bef5916f779314dbde9224cb005eb1d833960d050a7f3cc2cb388c614a1128354e32900fbf1b3f3d277b26ea0aeb2d
SHA1 hash: 1443da8c573a9e774a76342a128fc3951b12de53
MD5 hash: 78efda53ac8c6c067aa58a6651391dca
humanhash: floor-mountain-ceiling-hamper
File name:78efda53ac8c6c067aa58a6651391dca
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:4'129'792 bytes
First seen:2022-01-14 02:28:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c284fa365c4442728ac859c0f9ed4dc5 (94 x RedLineStealer, 10 x RaccoonStealer, 8 x CoinMiner)
ssdeep 98304:Pp2Q/xUViBTs6eKs70czRucxu6XLG4j8BlMtHLfxdx:Ppf/WUTsvKs7nDxuJOHL5dx
Threatray 390 similar samples on MalwareBazaar
TLSH T1D51633402F711CA6D24479B6013D1B71C92B6EC5CA0BBE42FE31947EDEEB9120A4E67D
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
259
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
78efda53ac8c6c067aa58a6651391dca
Verdict:
Suspicious activity
Analysis date:
2022-01-14 02:33:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/72c61a53-9ff9-43dc-aaef-224fb0ad5830

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/219203/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Win.Malware.Pwsx-9908841-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Sending an HTTP POST request
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed raccoon
Link:
https://www.filescan.io/uploads/61e0dff6e997359713e98724/reports/c6faa098-42ec-4f73-aeca-b05810ce9b3c/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/940807b8-49f5-4803-9439-590f3a7e78a0
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/920521
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file has nameless sections
Writes to foreign memory regions
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b/
Threat name:
Win32.Trojan.StellarStealer
Create hunting rule
Status:
Malicious
First seen:
2022-01-12 23:21:24 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
31 of 43 (72.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gkwjk5ekqvbhxcqbfyij3nbffvgarfl6ywbabtdndh6xajj24vnq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
15ec70046b6bcf402d46edfc374574ada52bb672a956d38b9c04677873c59543
RaccoonStealer
1bbee1727c791557b1119c32a93c58964414a1cce3dcc0601f92bb628e033a59
RaccoonStealer
63680cb50ca4c6ec5837dbc45a9a58f9b27fd33fb47e37e4e848225d0d0a1f2f
RaccoonStealer
932fda59abbce6378d0637c359b61b0747c9602e2e87d3105bb49ad745ed382e
RaccoonStealer
9c183568a371d5bfd048cb80caed15756b50d8cb7f5e3e8ec6bce045c35216ed
RaccoonStealer
b1639975ad1d3f9da541095c77e375e5bae1081eb1efa225525b23bbf992b210
RaccoonStealer
e670a645b65e5a4deadb6d555fa4f2bc88ef92a5e9657419f410bd1cc076f407
RaccoonStealer
ec031c507f1d160b228a5de8719daecb7db5cbc18bf41b90f77d79678b4dbcb7
RaccoonStealer
+ 380 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220114-cylpbseafn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SH256 hash:
9ed4cefae51306f8c8d26880be3d2f936c6215d6764bc285f3ad164fa3ab84fa
MD5 hash:
eab77c1e29d71ca4b8a6897f01d59acd
SHA1 hash:
2b20881adea9ddfad35c245cfbcbd9d9f1ff80f2
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/f28131fc-5a88-4e74-b504-b1471b217d97/
SH256 hash:
7d52d40ad21bbc01bf52ae2a2a2a3ad38b813af87abda9770b1f75501c446c02
MD5 hash:
cca53da8a2cf64d737923171ac0c1350
SHA1 hash:
f384ee2c5d1cfed88c93ac4ea3db3820b1b73b81
Link:
https://www.unpac.me/results/f28131fc-5a88-4e74-b504-b1471b217d97/
SH256 hash:
32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b
MD5 hash:
78efda53ac8c6c067aa58a6651391dca
SHA1 hash:
1443da8c573a9e774a76342a128fc3951b12de53
Link:
https://www.unpac.me/results/f28131fc-5a88-4e74-b504-b1471b217d97/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.85
Link:
https://yomi.yoroi.company/submissions/32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 32ac95748a85427b8a012e109db4252d4c08957ec58200cc6d19fd70253ae55b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1975599/
Cape
Cape
https://www.capesandbox.com/analysis/219203/

Comments


Avatar
zbet commented on 2022-01-14 02:28:13 UTC

url : hxxp://45.11.186.24/myblog/posts/398.exe