MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 12


Intelligence 12 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6
SHA3-384 hash: fd5cacb7e9081f83615e066407fbf2a45916b83a72adb9702f2b642c2c51bbcbbc4edc7a48d3f3451374ea41243a7ce1
SHA1 hash: 338fc6db167a42bc0709c4dcec4d6e2258c91bd8
MD5 hash: 48efa0aacf4fc77df43bca3e2ec24a83
humanhash: alaska-texas-july-sodium
File name:48efa0aacf4fc77df43bca3e2ec24a83.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'310'720 bytes
First seen:2021-06-20 00:20:50 UTC
Last seen:2021-06-20 01:10:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d9cd4126463a23f234a6ba2e4c47e4b7 (1 x RaccoonStealer)
ssdeep 24576:EHkMS5g/oIj/VBpzXFq9v1acwAyXIrt2go5pvxM+Yy5X1IVeY27:EESoIj91+tyA1r3o5ZxNX1IVeY
Threatray 1'270 similar samples on MalwareBazaar
TLSH 5255C023A2D14437D2B32A349C7B92945835BFCC3925988E6BE42F4C9F357A13B7215B
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.105.169.29/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://34.105.169.29/ https://threatfox.abuse.ch/ioc/137379/

Intelligence

File Origin
# of uploads :
2
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
48efa0aacf4fc77df43bca3e2ec24a83.exe
Verdict:
Malicious activity
Analysis date:
2021-06-20 00:21:54 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/98b501e8-148f-4897-854a-6829f0fb5b71

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/167091/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.29769.27148.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b3f04eeb-e983-46d6-b1e1-08891858bc92
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/804792
Signature
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6/
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2021-06-20 00:21:13 UTC
AV detection:
10 of 29 (34.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hvjiw5bk3jvqq5an2vatwu2hd6w5mhfamuzsxv3isbdahpleb6ta._file
Verdict:
malicious
Similar samples:
211360b0cb7bd4e1fa953a5452efd4e0e28f1917ba51ed4c2e6f6800ea86780f
RaccoonStealer
3bbc9dc239950316f60ce159afff3e7d7d1ea57c0feb1288a699da981662b9d5
RaccoonStealer
4a0f69418fd192f33d63baeb991a343db79af86be3cde253f38b05ac33205d9e
RaccoonStealer
612e83248527b731211cc4161bf7c9bf3c15c59312725ef1285902558c3ceb70
RaccoonStealer
67ee0a1422563807cb5af36dd2527d3e96f5532f34020c0cdacb4325d31d77b0
RaccoonStealer
b2c71a3b927301a484057e79c1d8a08c45512181b6378ca2627d34ddec49d4f4
RaccoonStealer
b46bcadf27236d47a847bf4d96e24db984c7f61485b0eec1f97ca1e3c3ac4079
RaccoonStealer
b82b210a1ead0d52042310991c59e3417ea2606f00591b7bd4440e8d23d31f88
RaccoonStealer
c84e411fb1f1ffeb1de2b123f7259409b93f6dd3e67c227373ea22d3e7efcdf2
RaccoonStealer
dd1dea95bf17e3f135d2740e87d8b9f08ccf347e4ff832b9e747f775017ff346
RaccoonStealer
+ 1'260 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/210620-4r2hlcfpxn/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of WriteProcessMemory
Checks installed software on the system
Reads user/profile data of web browsers
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
3f6b049b5ab3ef0eb5fd724e40ebe33ae8d402b396d6bf3eb252a117bce29cd0
MD5 hash:
a016dfdd2925bf1151b7af621b5b2aec
SHA1 hash:
c5e51687a2a369534a502196aba1f210adf5edbf
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/101b5ddd-cb7e-4a4b-95a8-4b71614f3a22/
Parent samples :
dd1dea95bf17e3f135d2740e87d8b9f08ccf347e4ff832b9e747f775017ff346
3bbc9dc239950316f60ce159afff3e7d7d1ea57c0feb1288a699da981662b9d5
3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6
2f1b909a7c96ff19f18a928fe3d9e45bb0188295208ed1cc2a2cccc7bd63b7ea
SH256 hash:
3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6
MD5 hash:
48efa0aacf4fc77df43bca3e2ec24a83
SHA1 hash:
338fc6db167a42bc0709c4dcec4d6e2258c91bd8
Link:
https://www.unpac.me/results/101b5ddd-cb7e-4a4b-95a8-4b71614f3a22/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1372392/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/167091/

Comments