MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12
SHA3-384 hash: e1429e46e2b471d8c6e1e9d34c85448e73376f3c35959d8ee2d5783c79336ea440fb43da6dd8f60b24b3dffcff4b0c75
SHA1 hash: b75d14b3896bdb6dbb878b92ff98c376d6e2ecfd
MD5 hash: ce82ca20c64a4699a03cf0ebf8f3db4f
humanhash: north-nebraska-ten-glucose
File name:ce82ca20c64a4699a03cf0ebf8f3db4f
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:556'544 bytes
First seen:2022-03-19 12:39:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4afe698a4ff3f157978858a4a5de1db8 (2 x Smoke Loader, 1 x RedLineStealer, 1 x RaccoonStealer)
ssdeep 12288:gdWe/K8QU551qxnQvm85azZ+r6uKUM0dftS1l4pnnCrIeZib1b7syDVCn2:ZKWUjUmvPwc2ujM+ftS7cCrHiJsbn
Threatray 6'409 similar samples on MalwareBazaar
TLSH T194C4E150BBA0D03EE1B311F4787693A9753E7EA15B2410CF22D66AEE56342E0ECB5317
File icon (PE):PE icon
dhash icon b2dacaaecee6baa2 (11 x RedLineStealer, 7 x Stop, 2 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
313
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/252960/
Detection(s):
Win.Dropper.Generickdz-9939781-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9818/overview
Behaviour
MalwareBazaar
CPUID_Instruction
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6235cf280cd58dbd92be7fc1/reports/219e0837-cef7-4d38-aadc-29eefeab365d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/46f6b5b4-8412-473a-b55d-c319a9fe0b5f
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/960079
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12/
Threat name:
Win32.Trojan.Convagent
Create hunting rule
Status:
Malicious
First seen:
2022-03-19 11:58:53 UTC
File Type:
PE (Exe)
Extracted files:
32
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hqds5bchucihqmah6qnafe6gdg2fk5bnjuntkai6wejkdogmfyja._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
0119840753a6856f54c78aa99175502f3a9d8f652ee945a7dc59a56682c7f7d8
RaccoonStealer
3963cd89bb2d8ab3b3cf093cd70c5bebb9d1a10404c2c6414566b1ec86691e55
RaccoonStealer
543b301962f679c9550e70616c84e3ed0b78ea3ae70916aa2ecd4d2ac257a6d7
RaccoonStealer
6524ee3db299399fb8942869050b092f86970530ffeed461ef82206008b19061
RaccoonStealer
69eda8136b98f80bf6c09d8bff8f19551e23c06a82d59715ca37274331e33efd
RaccoonStealer
7fcc48b2b40ebd39192948c22ee86521efa5214b39902ba7700908031d294afd
RaccoonStealer
8e0caed1df3b6a4b202d41b71406761c6111263eb22bfdb9b7c0df081e8d4dad
RaccoonStealer
+ 6'399 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:4b8853263bfbfde368561fd97dd96c93b6b91e4f stealer suricata
Link:
https://tria.ge/reports/220319-pv8qxaaabk/
Behaviour
Raccoon
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
Unpacked files
SH256 hash:
a35a7bc0683a747b96e34d35346f6357dfcec7fa883a7f3d9c1270a44119400a
MD5 hash:
6f82e26086f750bd745a35601efa6451
SHA1 hash:
404efb41831c48d76bc92e8763a51e4055f4b9ae
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/a12763bf-ae5d-4dea-a783-efa21d452596/
Parent samples :
3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12
2631bb84e6e34dd72aca532864d09e51d161c687ae3f5e495c16a2fded1213aa
e14e3ba37274e5efe932d789e8e24e20c7c21ad852978df80bb9392f5acf238e
0a7dcaf9e64345aeb5abd12728983253beacd114e4dbe2b3f5addfb7f198d854
cdc3c8092da2ff6ac49b6097aea6afb00439eb1638150042f78b561b6fa2d512
dbe977eb38b4307dcadcc923553535f94f762b91dd28eb11d27cdd6b8f9eab4f
84862dd214cf92e7ba589fda632e1a7d1748341da19ed2d4cc56029f8a1bb6ce
65fa28bc56a1b8132aede30afcb70685f90cfccd32f899ffda736b1b4f46144c
c9894dc1091f69ddf411b90853eaf2a4447e20b5a3f7dae5a6997c5c03b470fc
772b0096bf5c9bb9c71a7ea2ba9a631a80b115134f1d480c08af549fb6f90d87
bd0f4b38b5f2edfdaf836e9d4642488de3fe04f3e855826408cbc31f1bda138a
bab33596106fd683cb7190eedfb32a219fffc5691bed72c151893b3270f06c09
dd2db9bfa45002375af028ac00ca1b5e0c1db30a116c21cac2b4c75cb4ff9aec
3816d18b6f051f046a039ee937185509c8c3326f2842ba04de9d81e4e6ca7de5
bdff4c55eb7dd5a7d125a3629189c26ad2a3f1145a1801c4ba871e144a520895
f09393a0c14c0c4560743e75e59a025aff474c1f27eddd08f19d0ecea80b0988
8406f862c281a32094311d40f1cc275666ea3c368b9607db4ebb91b9cf9b5d3b
6c58e340f883a4f80f9fb47658671fecfd6bb2db2766326e6e360f8e495896c1
329cb82245c769af6159fde26e4bdb1831a0c0a7d16b9be24501fbe973563463
bdb06abce0a193e24ecb55cbda52963d6fbeb5b4c9efb8b45d588aef2ba7b943
d381f45d013f6b50a2be84d5d21f4743bf4271b789e3e81d5cf3b6fd3071ea20
353057209b0d75d63612db91a802368735d5954667946584e1ad0f6f84a892d2
17e503aef3804c0513838fb4ae3e00f323b1260bf753d99dbf0ae415ba54de11
90608df647f490150050db8a8cbcc66d15166957f53882a732699f78a939656b
SH256 hash:
3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12
MD5 hash:
ce82ca20c64a4699a03cf0ebf8f3db4f
SHA1 hash:
b75d14b3896bdb6dbb878b92ff98c376d6e2ecfd
Link:
https://www.unpac.me/results/a12763bf-ae5d-4dea-a783-efa21d452596/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/3c072e8447a0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 3c072e8447a090783007f41a0293c619b455742d4d1b35011eb112a1b8cc2e12

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/252960/
  
URLhaus
https://urlhaus.abuse.ch/url/2105567/

Comments


Avatar
zbet commented on 2022-03-19 12:39:16 UTC

url : hxxp://file-coin-coin-10.com/files/6655_1647674789_3905.exe