MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 7



SHA256 hash: 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22
SHA3-384 hash: 82be27043bf6e13dc7bddcae1a32248196007d70e40f395201e47a491f4fd1167960ee69554a93773763d90b3a1238af
SHA1 hash: 5e8e3b26746bcd30e2bd92d43ebc4e8981fe4cac
MD5 hash: 699e10e9adc36236e30a3b4bc0d243c9
humanhash: fish-don-nitrogen-fruit
File name: SecuriteInfo.com.Trojan.GenericKD.43529988.891.8883
Signature: RaccoonStealer
File size: 1'195'072 bytes
First seen: 2020-08-01 19:29:47 UTC
Last seen: 2020-08-02 07:33:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fade38f604ff4b0fe3b4d219a73be69c (1 x RaccoonStealer, 1 x Amadey)
ssdeep: 12288:Z8eJCOHjjkfMlBwUGqYXiv3TtnZ0SUh/FTs5SLiNOwC1NpAc7XMf2/ynUc/:+y3PqivxZm/FcSLwT7cFqnx/
Threatray: 11 similar samples on MalwareBazaar
TLSH: BD45F519BCC04FAFD61A487669A1D7241D9AEE094760F10F47E4F6D2F3B3BF59A80284
Reporter: SecuriteInfoCom
Tags: RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a window
Creating a file
Deleting a recently created file
Reading critical registry keys
Delayed reading of the file
Running batch commands
Launching a process
Stealing user critical data
Sending an HTTP POST request to an infection source
Sending an HTTP GET request to an infection source
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.RacStealer
Status: Malicious
First seen: 2020-07-22 23:38:30 UTC
AV detection: 37 of 48 (77.08%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: ransomware spyware discovery stealer family:raccoon
Behaviour
Modifies system certificate store
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
JavaScript code in executable
Checks installed software on the system
Reads user/profile data of local email clients
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Raccoon
Raccoon log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RaccoonStealer
Executable exe 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22 (this sample)

Delivery method: Distributed via web download
