MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96
SHA3-384 hash: b813046d2b5a9329aa7f12cdc42d7c8b2a6bb4ec9c380175d1204662005301c7d8a7edc595d7114f03c96e244782b5a5
SHA1 hash: 78ee76ba0ce7694571a47c7315e56ac8d45bb061
MD5 hash: 56ec940275c397a22c2a68ee000a2c67
humanhash: fix-delaware-tango-fish
File name:56ec940275c397a22c2a68ee000a2c67.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 05:09:44 UTC
Last seen:2020-06-08 06:24:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cd7afac2147e9c19c4ce60b30a0f3bbc (1 x RaccoonStealer)
ssdeep 1536:SysFY6TjM64f7L3p0goKKyYSOXKDoE3BUhM71+M5WEQp4:XxuQFT9nNDoEKM71+M5WEQG
Threatray 520 similar samples on MalwareBazaar
TLSH EB83B037BC04C183E06442F16D639AE91726AD046C427E973259BDBFED35782ACE623D
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.681846.18099.8695.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 01:08:19 UTC
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ieapdfwvfcnqqxvbm6x35snk3o2raw7unzelkqbpla63ci4hr6la._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
RaccoonStealer
1a3223bf578249a17b6d1f8ee0ed8a5fd49690621f3ea63d0380db03f2c31e50
RaccoonStealer
308c96557c6be5d4519ba4bac38c23e611c7b61683cfc1063a6009e216c24f5e
RaccoonStealer
3e9f05acde528ea5fd7ca9d0c2af0e82d29e343d2f61420290e6f660630cd25f
RaccoonStealer
682be0853ccd6f60deb69d27941a628758c4e13e7d2e6ee95a95f415f3a9f0c6
RaccoonStealer
69fe5bb4b975f9437b6c3bcf3f07dc807a8f2e848f1e0c5802012295b06a742c
RaccoonStealer
6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59
RaccoonStealer
7dd09a71615dc2a60ba9dd906aebcff010f8442f4db392e4feb88baa01f8c999
RaccoonStealer
ad18dd53e866024606997688a8ba559b119fb7418d30b38c90e182a991333c99
RaccoonStealer
bcb474ac919440674135c673d8c6a0fc8015a63a15b2849c3346f74a716b5249
RaccoonStealer
+ 510 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2qf96lpqdn/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_netwire_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/265919/
  
Delivery method
Distributed via web download

Comments