MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e
SHA3-384 hash: 3a6faf166af086e4a65a81a85e766f895f3210b4de989f693fbe706b15a024575fd214ae4d7835bb0663252c02b74c11
SHA1 hash: 8d90c7b792eff70d78bc00426fd0ea0618e7c5e6
MD5 hash: bc8905c3958b8b5f581a9045d58c9966
humanhash: winner-green-summer-summer
File name:bc8905c3958b8b5f581a9045d58c9966
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:651'136 bytes
First seen:2022-01-15 06:13:40 UTC
Last seen:2022-01-15 07:33:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 71add84b94d4b4bc13ebdd0143d4adab (1 x RaccoonStealer)
ssdeep 12288:RoDmR0LSmXI1XOiQ3V11xOMGdzEVO60ZuNreSNcXf5R5y:Roa028I1XDUzh8DENCSNcXXQ
Threatray 5'895 similar samples on MalwareBazaar
TLSH T1CAD423A8FF19DA00C1160C3D789B81B9D355EC0FC9A235D4C7E3BB8B7A25582A0B9577
File icon (PE):PE icon
dhash icon d4ccace968ecccca (1 x RedLineStealer, 1 x AZORult, 1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bc8905c3958b8b5f581a9045d58c9966
Verdict:
Malicious activity
Analysis date:
2022-01-15 06:17:10 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/2edfb628-7f7b-4a23-a9ba-f39cdd00f08e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/219437/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.23980.21038.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/61e26633e997359713f0be50/reports/aa84caef-04ac-4d8b-b386-aff4756b9ecb/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b4eda053-119b-40a4-b2f2-2bcb1d8db34e
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/921056
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-01-15 00:38:28 UTC
File Type:
PE (Exe)
Extracted files:
29
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gyhs3ktadjahffxsuertizjgy6ilygqd7f2lvvbxtygfgqcwdaxa._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
078e506c4e20407cceedfc077550269a46504c5c845b0142d4b4c426490a8199
RaccoonStealer
336b73345346ecc0c06d050402fba00e1301be6c4989b448e7cc11c967722d7c
RaccoonStealer
48dff412033a3a097d61ed43f3432268bc1e85c51573339686b00879e820f32c
RaccoonStealer
5a596e7c0f64b2c7f19ff48ef15b1b916845a36100cf76c236a3448a85e3c3dd
RaccoonStealer
a457d8e2fd8793653224c3e906c19ca23487de6881d1fd39c4652f336957ab5d
RaccoonStealer
a486da5d4b90a37ab4e1f6bf3160af7f355d4eb1dc4466a8b48a1297ba1ea53a
RaccoonStealer
abb67941245047889df4a4cec2e3f533b4085f393281fba6db017a2c7153be5c
RaccoonStealer
ae63c29c973c00ec890a1f90909c3e1c05a975fe960e2e0794b99e6856e0be75
RaccoonStealer
ee2a69a595644abf1c49894aaca322801c83a124cec7656a0a5df69ad29c10fb
RaccoonStealer
f496b1e5f8cddecb0f7524d1d417142d4d70fa0d805672c92008e20e943b3a8b
RaccoonStealer
+ 5'885 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon stealer
Link:
https://tria.ge/reports/220115-gzcv2addak/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Raccoon
Unpacked files
SH256 hash:
23712c0726b725fe3467fb03c8834fe7b36e53c7c48906b78b20f3ed70d16f71
MD5 hash:
70d3117457a0fb866fc52eae83cc33f0
SHA1 hash:
1275b232bb13aeb1d0092dc2ab07516fbbcfc6b0
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/858fa05f-ee52-4d0f-aa3d-e3f31b7d485c/
SH256 hash:
360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e
MD5 hash:
bc8905c3958b8b5f581a9045d58c9966
SHA1 hash:
8d90c7b792eff70d78bc00426fd0ea0618e7c5e6
Link:
https://www.unpac.me/results/858fa05f-ee52-4d0f-aa3d-e3f31b7d485c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1978293/
Cape
Cape
https://www.capesandbox.com/analysis/219437/

Comments


Avatar
zbet commented on 2022-01-15 06:13:43 UTC

url : hxxp://81.163.30.181/111.exe