MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 15

Intelligence 15 IOCs 1 YARA 3 File information Comments

SHA256 hash:	48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c
SHA3-384 hash:	761ba43b4a2c732dce7cfcf47be7770a9791f5036845bca3851c045283e38673e4d415142b2597f8bb2d4af173fd58ca
SHA1 hash:	79c65030eafbede79e32a26c6d2dcd268d2582c2
MD5 hash:	29b19294b1cf91992c1ae35cdfbbf4a3
humanhash:	queen-fruit-quebec-ceiling
File name:	29b19294b1cf91992c1ae35cdfbbf4a3.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	536'064 bytes
First seen:	2022-03-22 18:46:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b2c50fda1c88b7378f90a6c676430aca (1 x RedLineStealer, 1 x RaccoonStealer)
ssdeep	6144:xT1d0kJwjtE5eBHalu+9MKbihwpA7iA9jGU2ls0p4N/XSlVFhKmpWq1rrd:x5d0kKmEOVihwa7iA9jcs0p4grLxr
Threatray	10'942 similar samples on MalwareBazaar
TLSH	T1BCB412263910C436C86A51705E16C4B59B7E79320673894B3B5A136EEF713C1BBBB32B
File icon (PE):
dhash icon	c9c9c82848507008 (1 x RaccoonStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://185.163.204.62/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://185.163.204.62/	https://threatfox.abuse.ch/ioc/437100/

Intelligence

File Origin

# of uploads :

# of downloads :

163

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/255058/

Detection(s):

Win.Packed.Strab-9942213-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10470/overview

Behaviour

SystemUptime

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/623a19e7b94fb38cb4d0ece3/reports/f102a24d-96fe-49e6-857a-d53350f28a07/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/945cec04-4ca4-48d5-9a25-3ebf05b59129

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/962099

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-03-19 00:28:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

31 of 42 (73.81%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jalau6zs3ezucqsg6xrbipsjegzhsykyryd2k24y35srmg2ag56a._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

43b1ec0b060303ab2154b434a4142502b9367dd7cb951725bfd55b679a5398ef

RaccoonStealer

5f8efd8bb77c1fb4b6f501a149d523e537ba70995567d7fc2b541fb6c76aa368

RaccoonStealer

b7aa18a92712cdd14629e5ec03173f3127c364a28ec90f1613dc772bd0e8c362

RaccoonStealer

dacb3244a7ab72f942a4f9f18b8f559ef88082e62e88cd147907f452a29f2a2c

RaccoonStealer

ec642b740a50f40817b916be127f134645b403ddb31c014bd1e85b4ce785d9a7

RaccoonStealer

+ 10'932 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:047eaa1340214d99a8deec47621412aa3ca866db stealer

Link:

https://tria.ge/reports/220322-xe74fagfd7/

Behaviour

Raccoon

Unpacked files

SH256 hash:

dfc7901931b66293f0fb89a7151480ebee5a655caf905095f2c20e8a68eba6ca

MD5 hash:

da01082522d6b9fed831c157a66ffe2d

SHA1 hash:

e92e40b859bc6b02cc484b84c28271949fd4b85a

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/d819d451-efa8-491a-a846-470af0cc2ef9/

Parent samples :

2324f4a3075dd29ad5968843189c8a11b536775cf64baa202ca6f3e9db418a0a
48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c
5551acf69e2dfecdfaaf1d327d308bda79cdd40864a8d4ecfd6d47bfa6f0f68a
c9fc9c25f5f404ef33c87d1c766fb4b4d8f50efd211fe197e6c734d797aca2a2

SH256 hash:

48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c

MD5 hash:

29b19294b1cf91992c1ae35cdfbbf4a3

SHA1 hash:

79c65030eafbede79e32a26c6d2dcd268d2582c2

Link:

https://www.unpac.me/results/d819d451-efa8-491a-a846-470af0cc2ef9/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/48160a7b32d9/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Raccoon stealer payload

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/255058/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample