MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ae2121a59907625840dfc680841abdd1cbb1646f0e46f3078b8f4e7d55f3d8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

Intelligence 13 IOCs 1 YARA 4 File information Comments

SHA256 hash:	4ae2121a59907625840dfc680841abdd1cbb1646f0e46f3078b8f4e7d55f3d8e
SHA3-384 hash:	9cd6cc9cf89f36a01a0d6e4f072d4f2e25bf4f7eaaac581ff88ed89e5ceb49961da34ce2c25e901200d6c550adef455d
SHA1 hash:	58a9d3200daf1b04a72c730b9a93b22b94bf5e25
MD5 hash:	f0af15a2314afee90871fe75a1faa3a3
humanhash:	edward-carpet-romeo-vegan
File name:	4AE2121A59907625840DFC680841ABDD1CBB1646F0E46.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	608'256 bytes
First seen:	2021-09-03 03:25:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9b6cb8fb7864152f2c65c8441d386700 (1 x RedLineStealer, 1 x CryptBot, 1 x Glupteba)
ssdeep	12288:xF/Q4o6kX2HpCkZ71STDiYYQbSqDGGPTwEeEAz2:XFoeCkZ71STepKSmbTw1
Threatray	2'786 similar samples on MalwareBazaar
TLSH	T14DD4D000B790C034F5B736F88AB69379A56A39B2A76850CF52D51AFA46346F0FC3171B
dhash icon	ead8a89cc6e68ee0 (43 x RaccoonStealer, 31 x RedLineStealer, 20 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://5.181.156.221/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://5.181.156.221/	https://threatfox.abuse.ch/ioc/213378/

Intelligence

File Origin

# of uploads :

# of downloads :

136

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

3e28f67497b298297559fbf9c99b31312af487c4_2021-06-16_15-03.exe

Verdict:

Malicious activity

Analysis date:

2021-08-03 10:46:38 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/83450a8b-1878-4545-9c8d-aba3415e57f5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/184992/

Detection(s):

Win.Malware.Generic-9872493-0

Win.Malware.Generic-9872713-0

Win.Malware.SmokeLoader-9872492-1

Win.Malware.SmokeLoader-9872608-1

Win.Packed.Raccoon-9874011-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP POST request

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/99db8520-4b98-4521-b7f5-efedf7e88b08

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/844484

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/4ae2121a59907625840dfc680841abdd1cbb1646f0e46f3078b8f4e7d55f3d8e/

Threat name:

Win32.Ransomware.WannaCry

Status:

Malicious

First seen:

2021-06-17 11:08:16 UTC

AV detection:

28 of 28 (100.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jlrbegszsb3clban7ruaqqnl3uolwfsg6dsg6mdyxd2opvk7hwha._file

Verdict:

malicious

RaccoonStealer

3b543f2c89bb16b6aae67b95f5a91e87872ac31bab30495db76f70f560156cf9

RaccoonStealer

48ba5b838792bed9d4194a750ffe6ec30df56b27973d3572fa0f7bd1c6cfa470

RaccoonStealer

50b9bd3aea9355d60bb03f5d0cbcf3f601f1ec3d1b3c6e160bd0984d62baf15a

RaccoonStealer

5bc02ebc009910c9625991d64f2170d0c1ddd2b403d34674e3b48e8fd0f22242

RaccoonStealer

6add18a5c5caf334240dab675cfcad4b82d94bc333f46bdb7c09e84676ec85d2

RaccoonStealer

7b5c65ae580d887398957fdeb574f54427e5dccdd0ab8cb7a9e6f91074e28b17

RaccoonStealer

86c85206d1b307d93a14394cb78d1910f9dcfd0c4c134bcec227df7ae8cc2b0d

RaccoonStealer

9dab2a8cd79a947c700da1f58f7e967fd81cc321414d4cb512ab65b483834798

RaccoonStealer

c8dc6ed0d081d67f6b686a19ca7f5e211eb502dec5b287cd85b6a37035f20bd7

RaccoonStealer

+ 2'776 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:19a5107c14ad55a422854fc2b5446470e346ef69 stealer

Link:

https://tria.ge/reports/210903-dzrseacaa4/

Behaviour

Raccoon

Raccoon Stealer Payload

Unpacked files

SH256 hash:

644695fae7fd306cc39af96ae21f98d97041f56d85a03c31b9905d9a6e3a61bf

MD5 hash:

87c823106206bef0ddb7feb8f5714600

SHA1 hash:

1d790c7748434cd4c5b6ea6c3a83572754ef3f6e

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/b5ebe7fa-643f-4a2c-811f-0c3aab1a0916/

SH256 hash:

4ae2121a59907625840dfc680841abdd1cbb1646f0e46f3078b8f4e7d55f3d8e

MD5 hash:

f0af15a2314afee90871fe75a1faa3a3

SHA1 hash:

58a9d3200daf1b04a72c730b9a93b22b94bf5e25

Link:

https://www.unpac.me/results/b5ebe7fa-643f-4a2c-811f-0c3aab1a0916/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4ae2121a59907625840dfc680841abdd1cbb1646f0e46f3078b8f4e7d55f3d8e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/184992/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample