MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22
SHA3-384 hash: 82be27043bf6e13dc7bddcae1a32248196007d70e40f395201e47a491f4fd1167960ee69554a93773763d90b3a1238af
SHA1 hash: 5e8e3b26746bcd30e2bd92d43ebc4e8981fe4cac
MD5 hash: 699e10e9adc36236e30a3b4bc0d243c9
humanhash: fish-don-nitrogen-fruit
File name: SecuriteInfo.com.Trojan.GenericKD.43529988.891.8883
Signature: RaccoonStealer
File size: 1'195'072 bytes
First seen: 2020-08-01 19:29:47 UTC
Last seen: 2020-08-02 07:33:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fade38f604ff4b0fe3b4d219a73be69c
ssdeep: 12288:Z8eJCOHjjkfMlBwUGqYXiv3TtnZ0SUh/FTs5SLiNOwC1NpAc7XMf2/ynUc/:+y3PqivxZm/FcSLwT7cFqnx/
TLSH: BD45F519BCC04FAFD61A487669A1D7241D9AEE094760F10F47E4F6D2F3B3BF59A80284
Reporter: @SecuriteInfoCom
Tags: RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 25
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a window
Creating a file
Deleting a recently created file
Reading critical registry keys
Delayed reading of the file
Running batch commands
Launching a process
Stealing user critical data
Sending an HTTP POST request to an infection source
Sending an HTTP GET request to an infection source
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Behaviour
Threat name: Win32.Infostealer.RacStealer
Status: Malicious
First seen: 2020-07-22 23:38:30 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: ransomware spyware discovery stealer family:raccoon
Behaviour
Modifies system certificate store
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
JavaScript code in executable
Checks installed software on the system
Reads user/profile data of local email clients
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Raccoon
Raccoon log file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 4b8487facc8393281ac3ba036992ac03a5dd76f8a81d865841b0d6b6a4fabc22

(this sample)

  
Delivery method: Distributed via web download

Comments