MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37adbd4fc155549e6f725c4bc9d540eac67bbf78b0ae893059d860cca52b4aee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RaccoonStealer
Vendor detections: 14


SHA256 hash: 37adbd4fc155549e6f725c4bc9d540eac67bbf78b0ae893059d860cca52b4aee
SHA3-384 hash: b19d421d36d6167067f5580113b2854f061412674ecad2224d7b38551e89962cf0fdf93d103c0655d1b8e9f526ffe3d5
SHA1 hash: 3e5a325b92a5afbaf7a9e8a844a608617325de1a
MD5 hash: a2de8d7acbe4742f93124e9a967a7fe8
humanhash: early-romeo-texas-april
File name: a2de8d7acbe4742f93124e9a967a7fe8.exe
Signature: RaccoonStealer
File size: 596'992 bytes
First seen: 2021-10-17 15:35:32 UTC
Last seen: 2021-10-17 16:55:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 33155a730e036f2480434cae8e547169 (12 x RaccoonStealer, 2 x CryptBot, 1 x TeamBot)
ssdeep: 12288:pGoSiM31n7a96uf8ryshnV+W2TBGxXUb6y0mB+Rr8vqDpunwSF0Bz5H:pGoSiiFu9NfuysVV+HTsxXUb0mBqDpuO
Threatray: 3'832 similar samples on MalwareBazaar
TLSH: T178C4D000A661C039F5B326F489BA5368A52F7EE1672490CB53D52BEE97395E0FD3031B
dhash icon: e8f8c8e8aa62a499 (1 x Smoke Loader, 1 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://185.163.204.33/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox Reference
http://185.163.204.33/   https://threatfox.abuse.ch/ioc/234895/

Intelligence


File Origin
# of uploads: 2
# of downloads: 425
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Verdict:
Malicious
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
Antivirus detection for URL or domain
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Threat name: Win32.Trojan.Ulise
Status: Malicious
First seen: 2021-10-17 15:36:04 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: aa156806223068508fe317644fb0e5396107f71b0284e301577f754e0d286122
MD5 hash: fa1486a2b835594d48c7f32ca1f15e48
SHA1 hash: fe0297a9ddda480ba4d2264592d8e7cc4b8fadd3
Detections: win_raccoon_auto

Parent samples:
SHA256 hash: 37adbd4fc155549e6f725c4bc9d540eac67bbf78b0ae893059d860cca52b4aee
MD5 hash: a2de8d7acbe4742f93124e9a967a7fe8
SHA1 hash: 3e5a325b92a5afbaf7a9e8a844a608617325de1a

Malware family: Raccoon v1.7.2
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method   Signature        File
Web download      RaccoonStealer   Executable exe 37adbd4fc155549e6f725c4bc9d540eac67bbf78b0ae893059d860cca52b4aee (this sample)

Delivery method: Distributed via web download
