MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f
SHA3-384 hash:	6371f9ce508636801e109096a416eacb1842be157f38a3f8285660842e077a02f951b3af8de8ae192cfbca97f5acc3cd
SHA1 hash:	abba2e89a50c104658e701b517f8efeb2a3d646b
MD5 hash:	800dc2deed5441ef100150bf1f2ee438
humanhash:	wolfram-batman-pluto-alpha
File name:	800dc2deed5441ef100150bf1f2ee438.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	539'648 bytes
First seen:	2022-03-23 20:04:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0f1855557318264240cd30e161847f03 (2 x Stop, 1 x RaccoonStealer)
ssdeep	12288:U2kFteNkmCrk+4vvCUmtyaOonb96ubpaWH:b2U785Btfb96uFaWH
Threatray	5'052 similar samples on MalwareBazaar
TLSH	T10EB4E010BB90C035E5B312F8497A97A9B92E7AA05B2191CF63D52AEF17347D0EC3035B
File icon (PE):
dhash icon	b2dacabecee6baa2 (33 x RedLineStealer, 30 x Smoke Loader, 28 x Stop)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

205

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/256870/

Detection(s):

Win.Dropper.Generickdz-9939781-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10987/overview

Behaviour

MalwareBazaar

CPUID_Instruction

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware lockbit packed

Link:

https://www.filescan.io/uploads/623b7de4b94fb38cb4db7c24/reports/5fff717f-1184-43c0-b1d2-fb5024a7e006/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a3042ef2-3c14-4ba0-bd25-0ddaba5dc174

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/963180

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f/

Threat name:

Win32.Trojan.Strab

Status:

Malicious

First seen:

2022-03-23 15:35:11 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

20 of 26 (76.92%)

Threat level:

5/5

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061

RaccoonStealer

60ad2031ee79fbead639c2359aa309cda2acb96b98d865f68eab61ab9ec8b549

RaccoonStealer

6c58e340f883a4f80f9fb47658671fecfd6bb2db2766326e6e360f8e495896c1

RaccoonStealer

7276d225ccda464d5b6d067e68c5ef075241add9a3733ad939efb91ea11fb834

RaccoonStealer

8406f862c281a32094311d40f1cc275666ea3c368b9607db4ebb91b9cf9b5d3b

RaccoonStealer

9eb0fe70f9376781f8b6963565492833ba67881a27f3403827c58b6712574aa6

RaccoonStealer

a0afd4f0c83fe98b2d2ddbe7c6605af22dd49c72e0ee008841013bdf4e8c617c

RaccoonStealer

f09393a0c14c0c4560743e75e59a025aff474c1f27eddd08f19d0ecea80b0988

RaccoonStealer

faf794f618f1e3214187a8bb85d56d9cb659f26bba5baf782460b001ffb4fe67

RaccoonStealer

+ 5'042 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:2e327e4dd6bca590b96a5108291f78478e635b60 stealer suricata

Link:

https://tria.ge/reports/220323-ytzahsfahr/

Behaviour

Raccoon

suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

Unpacked files

SH256 hash:

f4b47cb5397a05c50b77b62f74d431777f817305a18d71b55e76888ba447c8c1

MD5 hash:

5a5c02d4b2cce912c007dd5c9b6cc880

SHA1 hash:

33038cce89a74fdf36c24e2e7cc02d7923d2a334

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/eea9cbcd-95bb-4797-bc31-2e1589d482f2/

Parent samples :

14eb78c6d9f873f43e453ca56c4d9d1ffbb03ee79fddb87cadeef59626299b6a
05de97c5d5e02a32892efef426acba7e50728651617656cda3c36d5a1f780b55
5bbb1d94191a073a18a77febe1aa777a77966bd506fae11b30e8fe45c0068ac2
20cdfc02c239254853f4915308b81aa9823916b8cd6eaa02b3c1a19b67b36e38
dcd86f777408e7767b916e617f98f7b4f5ef5a1e69b112aaa202ede4a55bc9cc
3b43575904dc89bb8b1e0f12b66cff78e59959b20f99e76bab08fb27bb5a8f82
9d30503fc799e14b88937b30600aef9ab65b8bd9a4b9707f1135b3292a5a2b9d
1bf82fd3ce19bf2d68a393064bf90399d64e82772e481ebd0f87ee031e92b9a6
2766b8092ec9d6a8cf04b83100613068ea365b7142751245864506e0d67c1bd0
3d096aec97d55472b437b12fc17924aec39f7b5a25e6e43867cc90f9afcf6337
0dcc54b7413d2c838980c6ccdb5d68c52a0a1b7994d212c537291460a5c49aa0
2f4d23f1d9f7cc7f090eeb0c6a9c459cdf94db5739cff072f848f9bc9f7358f7
40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f

SH256 hash:

40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f

MD5 hash:

800dc2deed5441ef100150bf1f2ee438

SHA1 hash:

abba2e89a50c104658e701b517f8efeb2a3d646b

Link:

https://www.unpac.me/results/eea9cbcd-95bb-4797-bc31-2e1589d482f2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe 40bb1f90e8026a0d4dc01ef2a9e081bbe66bc7d49b6494440951a59b97f73d3f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2109168/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/256870/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample