MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27701ce7cbf5581fd796f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 9

Intelligence 9 IOCs 1 YARA File information Comments

SHA256 hash:	4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27701ce7cbf5581fd796f
SHA3-384 hash:	cd79aa8a1634bb6ccbb422fe9bbf834067513427793249e010f9afcbde5c6e05b69dc35c4997a4e001b25fa5866b390a
SHA1 hash:	c5322d0033a16af12c754f4838a43e21e98edc31
MD5 hash:	14d154cb79b624db91e3ac7f68442347
humanhash:	river-thirteen-music-delta
File name:	4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	6'851'072 bytes
First seen:	2021-05-28 15:20:24 UTC
Last seen:	2021-05-28 15:42:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	129e9ef609b7048f8b92cbfb16c31fd6 (2 x RaccoonStealer)
ssdeep	98304:U5rwlg0tsGwF82BeVvMnNIy+iKPeh3lvWWvRmoMObKqTwU0349BwAN/:HXt55TUEiKPKEWvoObnMy
Threatray	17 similar samples on MalwareBazaar
TLSH	BA66236322AA1145E5F5883ECD277DB433F783668292547C68B7BDC129B2AE2F103D17
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://45.153.230.32/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://45.153.230.32/	https://threatfox.abuse.ch/ioc/66258/

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27.exe

Verdict:

Malicious activity

Analysis date:

2021-05-28 16:22:44 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/dbea790a-d11d-4fb8-8f2c-587a9bff22c0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/162996/

Detection(s):

SecuriteInfo.com.Mal.Generic-S.15896.19300.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Sending a UDP request

Connection attempt

Sending an HTTP POST request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/793953

Signature

Found Tor onion address

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27701ce7cbf5581fd796f/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-05-26 18:24:00 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jlxty5pz2engo2mrkunbjk3wud7fal2m77jhoaoops7vlap5pfxq._file

Verdict:

suspicious

RaccoonStealer

22a49fd2468178e5b33cad08985adde50f0530a33260affc58bee6b2401005a9

RaccoonStealer

2aaad8177d08507b09dc3d419b4d31f65db6fe6bc6314ffce650b9fc57f0817c

RaccoonStealer

2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9

RaccoonStealer

36cbc77a5caaf8f805bc7347ee4cd27657fca600ea5e202e633aca7a09d73297

RaccoonStealer

4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e

RaccoonStealer

7e17e9de1f6643f57b6cda4a921b025a9caf5689728b0af2f653887f41e2c318

RaccoonStealer

7f588ecbff9405b87fa5b809b52d0b667f19a09e47bafc2cf1f5f9d5f19f16c1

RaccoonStealer

a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4

RaccoonStealer

a761168b889a5c5ff56defeb1cedb786ffa90e3b61b6660cfc41e49b1ee638f0

RaccoonStealer

+ 7 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:75a5b6817e636bc2ac81842f84908bb1c4f2d092 stealer

Link:

https://tria.ge/reports/210528-jbddqz75hn/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Raccoon

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4aef3c75f9d11a676991551a14ab76a0fe502f4cffd27701ce7cbf5581fd796f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/162996/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample