MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4418f28281e9cb0979fceae5903c9e2ace9f8a07f4e72d7ee67bc0526d59b7cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4418f28281e9cb0979fceae5903c9e2ace9f8a07f4e72d7ee67bc0526d59b7cc
SHA3-384 hash: 0f1c9a04b570e56cd48e37949732e6b4a2578298a34045bc9da314f4b76846955515d38938ca0eee9e8a446cac69f021
SHA1 hash: 10919aa48e4316a4b8a5d48b88f23561f17ee41b
MD5 hash: 5e56710d14b018aba3d5de962041b28b
humanhash: massachusetts-montana-nineteen-equal
File name:5e56710d14b018aba3d5de962041b28b.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:94'208 bytes
First seen:2020-05-14 06:30:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 818f0ff84eb995ce7c881ffc0494df34 (1 x RaccoonStealer)
ssdeep 768:puFpAxnfsJiL7TOd7ocOy3HHSQ+ALzteu8Umzihm7UGetCsU38cg11XmBWQOEoPI:wzcT87oFXuzte6EihTIenOBWLPI
Threatray 453 similar samples on MalwareBazaar
TLSH 79936B27F5B0CCAAD6118AB25FA993D8415FBC391D21890366C9763D7939213DBF032B
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 21:51:48 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iqmpfaub5hfqs6p45lszape6flhj7cqh6tts27xgppafe3kzw7ga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2b54fb9596441cbdb7f2208b41a717adba83c5834a49c534f54d479131f750c1
RaccoonStealer
42a4a241b85a3c8bcd335504f822791859a2e74df645c70951996b35b53212d6
RaccoonStealer
43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
RaccoonStealer
61c47bc44d3877e815be609e98f97eb1b79ee1c9215646570d85cc40aa9c1317
RaccoonStealer
65eccb834f29444214038fec3ecd6f53dee3d98743d8a80f824471c8f153224e
RaccoonStealer
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
RaccoonStealer
cb96624fc5ed1dca5e1cbca928966a8e9e906817991314675e51fd98f83eb2a7
RaccoonStealer
ef3a1f525f383f8d5000a9f6fe4337f3c561ad41157d7cbb1bb2905aea18435c
RaccoonStealer
fd3faad0a3b4f30c9e4bc4940b811eb844275de784cb0548bef38793c514e70e
RaccoonStealer
fff57207bf2d6326bc580cd9788e36ec52437e472d26d49c015685525415d7ee
RaccoonStealer
+ 443 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ma5gk48rts/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Malicious_BAT_Strings
Create hunting rule
Author:Florian Roth
Description:Detects a string also used in Netwire RAT auxilliary
Reference:https://pastebin.com/8qaiyPxs
Rule name:MAL_unspecified_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects unspecified malware sample
Reference:Internal Research
Rule name:netwire
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect netwire in memory
Reference:internal research
Rule name:Suspicious_BAT_Strings
Create hunting rule
Author:Florian Roth
Description:Detects a string also used in Netwire RAT auxilliary
Reference:https://pastebin.com/8qaiyPxs
Rule name:win_netwire_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 4418f28281e9cb0979fceae5903c9e2ace9f8a07f4e72d7ee67bc0526d59b7cc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/360441/
  
URLhaus
https://urlhaus.abuse.ch/url/265919/
  
Delivery method
Distributed via web download

Comments