MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 10

Intelligence 10 IOCs 1 YARA File information Comments

SHA256 hash:	36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6
SHA3-384 hash:	65ae93c67d05be996e7c801630cb48988fd85f83568cd3b45e68ca5f441c5aa31d6a4ff26860c0d13f0dbd4935839ebe
SHA1 hash:	522bb1afaf4df03bb477fa81fef9fcfe7a06bd85
MD5 hash:	59d49b51afa435d2695e7d84bee135e1
humanhash:	fruit-football-saturn-illinois
File name:	59D49B51AFA435D2695E7D84BEE135E1.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	17'147'074 bytes
First seen:	2021-08-30 22:47:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	eb5bc6ff6263b364dfbfb78bdb48ed59 (54 x Adware.Generic, 18 x RaccoonStealer, 8 x Adware.ExtenBro)
ssdeep	393216:lolMJCXup7T1lLLpCUFXyLZ2bLG7h2clq1A2AUQ6:l8X819iZYNug
Threatray	2'985 similar samples on MalwareBazaar
TLSH	T1BA07332BB295A53DD4AA2B350573A11088FBBB2DE4177E5627E0C48CCF365C01E3BE65
dhash icon	c0d4ec80b0b4b4e4 (5 x RaccoonStealer, 4 x RedLineStealer, 4 x LummaStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://5.181.156.120/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://5.181.156.120/	https://threatfox.abuse.ch/ioc/203162/

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

59D49B51AFA435D2695E7D84BEE135E1.exe

Verdict:

Suspicious activity

Analysis date:

2021-08-30 22:49:48 UTC

Tags:

installer

Link:

https://app.any.run/tasks/9702bbcf-9335-4739-9bed-aee07bef7f73

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

PUA.Win.Packer.Exe-6

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Creating a file

Moving a recently created file

Deleting a recently created file

Running batch commands

Creating a process with a hidden window

Launching a process

Replacing files

Blocking the Windows Defender launch

Unauthorized injection to a recently created process

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/eb6b6c50-2b49-4ad0-be38-8314ad9c7926

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6/

Threat name:

Win32.Trojan.Pasnaino

Status:

Malicious

First seen:

2021-08-29 01:04:10 UTC

AV detection:

8 of 26 (30.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g3n5eynhkwmgltmpz5fug52y4ej4rhh5axo2mbfgi3zuhxncvpta._file

Verdict:

malicious

RaccoonStealer

72464c7a10469277dad3ff7f30c51f1d3db03076b2feb2e2ac33a9749d44e64d

RaccoonStealer

7fefb4ac689e7334f5d66e01673dda50a293bbd7bca0bf3da972f01d32f54587

RaccoonStealer

895100760e67763505b9cad311be16b533db48d1f2cb28424a98495406220a2f

RaccoonStealer

d8eb6d3fe02a890173827c242182acd22aa699e4bbd918fd22b95c00aa3a6445

RaccoonStealer

da8777fa1ea919560e5fd0fcad56f265546fa9fa5e061776705da8a79ec1ca7c

RaccoonStealer

debc1a729e69d48bab2082aab44d8aae428066d42379838464dadecba5066852

RaccoonStealer

fa40dc2c8055f953099d7d354ba97fbf3a5f3aa501ce95cb8cefa810b80ea5d4

RaccoonStealer

ff1ddb96f4984d4ed65016ca7814432d51a08fe090fae4907e85926469e880da

RaccoonStealer

+ 2'975 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:3659cc597a258a4a805c5672721af02cdb861a23 agilenet discovery evasion spyware stealer trojan

Link:

https://tria.ge/reports/210830-21at6sqd1e/

Behaviour

Creates scheduled task(s)

Delays execution with timeout.exe

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Program Files directory

Suspicious use of SetThreadContext

Checks installed software on the system

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Downloads MZ/PE file

Executes dropped EXE

Modifies Windows Defender Real-time Protection settings

Modifies security service

Raccoon

Unpacked files

SH256 hash:

697cf9b7a364edac75cd0451aed93b09a477fb7a345758416084d6f65b501c0a

MD5 hash:

259d2f304354aa7635e11272f1f736f3

SHA1 hash:

4deb8eb3b858f04a328e48a4e4b0a22453ef8068

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0

MD5 hash:

9c8886759e736d3f27674e0fff63d40a

SHA1 hash:

ceff6a7b106c3262d9e8496d2ab319821b100541

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

2cb9ac0bb9995c1351a97b48867722f42d720dfd11e4459577bfd8c68d0a9c85

MD5 hash:

76a43227847b006e7dd8a9c4390011ae

SHA1 hash:

b0115e4ea328578d473bedeaf8d494c917484f69

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

4cd34502895c8369b613ad45631d22a9414d1c9e8d61a1adc345c4290a4d8ffc

MD5 hash:

71da7fec095a4aade8fc1146622eef1c

SHA1 hash:

a0f22fec2a84454697b748c000c4288a939c1dd4

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

28ad1018827596e36f34b8c63a1f4fe6c6e7012954fcf2c45ba6320dd3fbb02c

MD5 hash:

a0e39afa1b3cd684829c56cb7b267da8

SHA1 hash:

8e5805e1a415588bbf60be24806caf91501dcb40

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

641f8ac075f4635617793a448cf69fd04f3326473838475284d3420a5767bb1a

MD5 hash:

758a2163a127489deb358f21b0b68510

SHA1 hash:

9ce554793fc6024b5246fe32fb213092ec6a61fb

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

86a547b7911d8ef03b3011bce67d3a4664821042525cdbfadefe9be31dc271c5

MD5 hash:

05564ac0a61a7d86e01500f973316072

SHA1 hash:

2380be5c8f707b036ea59e43d4581708ac9bab37

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

c572a666cedd96db409aa041c022cc40703aba7ad3b47de32d26bffd78ee8870

MD5 hash:

0ac1d9b42629cf25f9f2fbb9df6cc9c6

SHA1 hash:

05a4d2b421c89b819bc086a3ed67820e3756cb13

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

a7fc85189ec672c4de3cde5dd41d5a218b9556012ad88a4cdfc21a8d41d2cd15

MD5 hash:

81ffe106e6df8d9cafbe46aa10f79eb4

SHA1 hash:

3707ea02bebd9055512cfff94358432aa367c786

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

a359a1cb32b367aab19104b131377a25274b00495bbd2dd63dbd5ecd84580005

MD5 hash:

56925af192d4e062d8e2b8d87bffbcdb

SHA1 hash:

c1f149ba35fd7f629a8cfc9fad516de2d10676ca

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

7ce3b67386af6a7be7600fb3ed161780ee106702e846cde9cec05d36fecb1e44

MD5 hash:

583cb1e997fd02e3cc5f1d8a32a3d445

SHA1 hash:

51c6cc8eb24e75184cc11bd92a8050c30e662cd9

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

724f8f0413808aaa102df264fa9690d2b300aa570ac74a19f10d84d8c4eccd0d

MD5 hash:

d996f811feb30dbb09dcc45b44f42443

SHA1 hash:

a3d05f55bc0dac6cfa0e20a6cf25b0c8e3848f12

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

bea56b3f57672e3408688907017d9d2a8fb146afa7582c5f5e9b68ab0a1dae26

MD5 hash:

512f6bf696fdd6e90b5b1a8c0fa8930c

SHA1 hash:

72c1169223f520066d411231eba3e45f855cdaf4

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

fb1c061b31e7dd1b8bfd5a0f1a1a0eceb848ecde7e435d2ae89e678e91aa6f26

MD5 hash:

662473f1cf10c040d8afec56e1ddf21d

SHA1 hash:

10aa9b19320ce95d3af33433f89abcb8cad7f240

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

721a310cdf3b295359801fc2d46b71d354762ef407e431219fa63967572fe8c3

MD5 hash:

d6cbf30ef4db829b08ab1ec6758e9fad

SHA1 hash:

06107167278d3a0b03395499e0b0baf24ee8f16e

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

999ed85b0bcbfb9fc5e4be83291674d4e66041b7cab6e9a13adfee831b6ce45e

MD5 hash:

7c3769de96f61f310867d32a0fc39e56

SHA1 hash:

0139f565553fd27532a397d537bc34cba1e06eee

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

SH256 hash:

36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6

MD5 hash:

59d49b51afa435d2695e7d84bee135e1

SHA1 hash:

522bb1afaf4df03bb477fa81fef9fcfe7a06bd85

Link:

https://www.unpac.me/results/45bac42d-85cc-4daa-bb86-5743831bb2a0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/36dbd261a7559865cd8fcf4b437758e113c89cfd05dda604a646f343dda2abe6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample

MalwareBazaar Database

Database Entry

abuse_ch

Indicators Of Compromise (IOCs)

Intelligence

File Origin

Vendor Threat Intelligence

Result

Behaviour

Result

Signature

Behaviour

Result

Behaviour

Unpacked files

File information

Comments

Login required