MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3653829521ce458cc3baabda0089a847e29e2df5aa900b08258244b5d66f4bc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 4 File information Comments

SHA256 hash:	3653829521ce458cc3baabda0089a847e29e2df5aa900b08258244b5d66f4bc4
SHA3-384 hash:	2886078c7b66597ef4e40b6eccd973f424d228a686448ed13feca05bbbd87189cd286af6eaf051e6a0b27889dd1b93d8
SHA1 hash:	96893450f3086c6adb6840335452e57418dba598
MD5 hash:	c2d56bd6bc9bda917c75d0c8b9ab6b42
humanhash:	glucose-jupiter-nitrogen-hydrogen
File name:	C2D56BD6BC9BDA917C75D0C8B9AB6B42.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	498'176 bytes
First seen:	2021-07-22 11:36:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6c734257ddf94eda6ae0d5d1c88d7157 (3 x RaccoonStealer, 1 x BitRAT)
ssdeep	12288:NjIY59D85YlQcYdGurk6GF6zWGYJhU/9:VI69AWrEGPF6zcJG9
Threatray	1'288 similar samples on MalwareBazaar
TLSH	T1FCB4F1217BB1C737D5A74A705874C6A1263BBC632A30708F235B7A1E6E312D1BA79353
dhash icon	01b8b470cccacecc (3 x RaccoonStealer, 1 x KPOTStealer, 1 x DanaBot)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://94.228.114.197/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://94.228.114.197/	https://threatfox.abuse.ch/ioc/162057/

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

C2D56BD6BC9BDA917C75D0C8B9AB6B42.exe

Verdict:

Malicious activity

Analysis date:

2021-07-22 11:40:09 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/ae5e0f01-ce57-42d6-a461-f1dc401c393c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/173288/

Detection(s):

Win.Malware.Generic-9879173-0

Win.Malware.Generic-9879225-0

Win.Malware.Pwsx-9879537-0

Win.Malware.SmokeLoader-9879555-1

Win.Packed.Trojanx-9880095-0

Win.Packed.Zusy-9880099-0

Win.Packed.Trojanx-9880195-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6acf5501-1411-4d03-a835-0f81bcbc7f8c

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/820071

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3653829521ce458cc3baabda0089a847e29e2df5aa900b08258244b5d66f4bc4/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2021-07-20 21:54:26 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gzjyffjbzzcyzq52vpnabcnii7rj4lpvvkiawcbfqjcllvtpjpca._file

Verdict:

malicious

RaccoonStealer

1ced01c2c4455606d8ed1eda83bd1507785d4c97fc8c7967bda90cd91ba82e32

RaccoonStealer

384b35bfb6d07dda3ea948bb9aa47a3024822ff40d21a13932381d6386643acc

RaccoonStealer

4286fc8a5df90759f761ff7c238541af2504327c46855c81f68fb28563969975

RaccoonStealer

9903a60fb9521a9d2c24f5ebc862139708269ce5b287d13a5202626ee8405234

RaccoonStealer

ad22b1e690fac416da97d49ff6a14c7f5ef7804bfadabff993e7bf9d2570c1fa

RaccoonStealer

c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3

RaccoonStealer

eddbfe52ba633950c388e0303d5a04453f9ba9e3a3cdc60f9a1355707cd209e6

RaccoonStealer

+ 1'278 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210722-t67ek2hdjs/

Behaviour

Modifies system certificate store

Unpacked files

SH256 hash:

e1c0a8db03e0ed45ba0d8708bc68c933bb668e5635b82c41ae9b9c825dfa3c97

MD5 hash:

4f9eee5774c404e1be953b81ee7b2cb6

SHA1 hash:

a8e91c439fe76069e22517192ce33c33c3e87f3d

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/bd71af2b-06e2-451d-9508-e63be75349d0/

SH256 hash:

3653829521ce458cc3baabda0089a847e29e2df5aa900b08258244b5d66f4bc4

MD5 hash:

c2d56bd6bc9bda917c75d0c8b9ab6b42

SHA1 hash:

96893450f3086c6adb6840335452e57418dba598

Link:

https://www.unpac.me/results/bd71af2b-06e2-451d-9508-e63be75349d0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3653829521ce458cc3baabda0089a847e29e2df5aa900b08258244b5d66f4bc4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/173288/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample