MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd
SHA3-384 hash: 960c9a0c228b47c97206492110b8126a8676c17e09f9d7b2e8dffac5991dd43c6999fb16e1f2b3df28a4c6d8721deb73
SHA1 hash: eeda807def983e9b8a9d85668d9d5b6a8018b44b
MD5 hash: 8dda2c919983a6e3f8eabe96a72280e0
humanhash: lamp-quiet-social-papa
File name:8dda2c919983a6e3f8eabe96a72280e0.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:493'568 bytes
First seen:2021-11-06 10:23:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 52726e4ed1d5baaf91bb2b7c27c2caba (1 x RaccoonStealer, 1 x Smoke Loader, 1 x KPOTStealer)
ssdeep 12288:2NAlk9f6WaEkVsdglWqwFNraGX5Pk3Zy3unnjUy4:2skN6PEdn7PraGpPPgjQ
Threatray 4'098 similar samples on MalwareBazaar
TLSH T186A4E03172A9C431D4A74E309874C6A45A7BBC125560914BFB9CBF6E2F70F9C1AE231E
File icon (PE):PE icon
dhash icon 81bcdcac9c8cb484 (7 x RaccoonStealer, 5 x RedLineStealer, 2 x ArkeiStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/202882/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.13669.9830.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/618657c52084b424af0c31e4/reports/d0f15ca0-923e-45cf-99d7-af169f9f803a/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/938392d4-5fc4-4d65-9cad-f3823f33d46d
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/884473
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-06 10:24:06 UTC
AV detection:
13 of 27 (48.15%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibxfkqjtvkshdo5w73qnlxqgve32kmdt2kuxcf5hnbqshcf5536q._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
3bd87df107b7f796664419c54716ea4dc9a2c6a4b34efa85eb1eb75f6458b13b
RaccoonStealer
3d3bdfa63f14658e164027af06ac4728891f5025fadddac2f2f6debb4021d531
RaccoonStealer
545e5ac7b0c4568049dd33037de46e8a006845563bda516818ad4e4464d580fe
RaccoonStealer
71c8ba3bff2028ae1586c04850560d0d11711f166b4713604c65bb68db07e03a
RaccoonStealer
8136e992f634fec74c2c923edc4cf43ab8601dd3dc229bb3fde7d798e644beae
RaccoonStealer
8f4d56c333b5b0b743a6dcdc6d6954adfdde2fc5219b8c45987202445ecdfc9c
RaccoonStealer
ab9a992f805bce47b17d65b705612b2c88d55beafd9714c5a278be7ee09e1d58
RaccoonStealer
b7b037355cc6e9dc7f9c665f1ea987bafed82a4825409a5d05cde15c6d243dff
RaccoonStealer
dded956a99823dc3d87aafa2764e9a561eb9df6b571251f118468052143d76cc
RaccoonStealer
fc6b841e6c753eeebf0d7cc8820cd3c6fcbeb40fc4d2c4d9a8bf9d3f0907fb76
RaccoonStealer
+ 4'088 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
Link:
https://tria.ge/reports/211106-mfdk4sbdgr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Raccoon
Unpacked files
SH256 hash:
181bbb28e9335af8d92e0faf0da7ae19ad664f9c855841d6bc89d73f3d125027
MD5 hash:
a5a90453b002438070f319627cfe374e
SHA1 hash:
65adabe7ea17a30c6a701abe3515bd2ca8ff6757
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/f52b8570-3e3e-407e-9fca-77c94da2c81d/
Parent samples :
6373657d8707b7051ba7f51ad64cf4f609fa9f3f724767d90c6c925d68b19f5f
406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd
51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d
18766c4e4e8161f71cfcb98a700ad53866a75d29fb67898e866e0bbc0d95bba8
b7a9dde08c301151706450934b914bfdbbffe7743847551dcd36fc1e5780652b
0f2db91b5b581e397e793cbfa45436ea0a13a4cb9aa734cb820208f8bf9a51af
596e838294aa3618fd5a6e8d71ae615f549a9df857745c41515134f748f68ef3
SH256 hash:
406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd
MD5 hash:
8dda2c919983a6e3f8eabe96a72280e0
SHA1 hash:
eeda807def983e9b8a9d85668d9d5b6a8018b44b
Link:
https://www.unpac.me/results/f52b8570-3e3e-407e-9fca-77c94da2c81d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1738451/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/202882/

Comments