MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ccbce27d1b4016ea31edebb61308be776f7ecf267647f80b0a6c3920a80630d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA File information Comments

SHA256 hash:	4ccbce27d1b4016ea31edebb61308be776f7ecf267647f80b0a6c3920a80630d
SHA3-384 hash:	42d62129df65c4658f3437c2bcfc4dd9cb1505d3f31e10fd3badb94df0343c060df76e259eba15e706f688bda27d466b
SHA1 hash:	b3dbd9a899eb39a8bc547f04157963ec676b4ec5
MD5 hash:	ade3699b373eda3954f366cfba3eb4d3
humanhash:	indigo-uncle-india-oklahoma
File name:	ade3699b373eda3954f366cfba3eb4d3.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	568'320 bytes
First seen:	2022-01-28 03:55:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b599c41ba6f3d2fcbb28babbce596599 (10 x RedLineStealer, 3 x RaccoonStealer, 1 x OnlyLogger)
ssdeep	6144:q2K3xYcdxJREcBfU2t4Ws1PtuJ+xYMw7eD2lE3Ucm5Hs8mTdqz4DTBdFxLNad8Ka:UxYcdxJREH28lu093UB0yu2PZ7/3+
Threatray	4'600 similar samples on MalwareBazaar
TLSH	T190C4012179D0C532C48A62714829FFB40ABDB83166A5C24777693B7D3E723805B792EF
File icon (PE):
dhash icon	fcfcb4b4b4d4d9c9 (3 x RedLineStealer, 1 x RaccoonStealer, 1 x Loki)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://91.219.236.153/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://91.219.236.153/	https://threatfox.abuse.ch/ioc/351806/

Intelligence

File Origin

# of uploads :

# of downloads :

230

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/224824/

Detection(s):

Win.Malware.Generic-9936948-0

Win.Malware.Generic-9937018-0

Win.Packed.Tofsee-9937296-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5378/overview

Behaviour

MalwareBazaar

SystemUptime

CPUID_Instruction

MeasuringTime

CheckCmdLine

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware lockbit packed qbot

Link:

https://www.filescan.io/uploads/61f3695420a5f4d327d7a815/reports/8f90dda2-1179-4e2e-971e-432e0499e046/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0bf4339c-8c15-4170-9033-5ab51fdf9f40

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/929441

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4ccbce27d1b4016ea31edebb61308be776f7ecf267647f80b0a6c3920a80630d/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-01-20 05:56:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

37 of 43 (86.05%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jtf44j6rwqaw5iy6325wcmel453pp3hsm5sh7afqu3bzecuammgq._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

1e061432a06c9e4935cd837118e5d68d79ec6c6bbdddcc40d8682e50db7344fa

RaccoonStealer

33c853d0f6d5467701301b6c4dfcf49da0e556b3ac2363b5619f673033627dca

RaccoonStealer

54bcd3308c140c8ec030f98697cc7f0e9d4585d54334a2eb77c58879510d5c8c

RaccoonStealer

70e14ddf23a5fe3d69cc50752fcc491aa2964a2cfee3d48caf182244929f9953

RaccoonStealer

7d8de08a564f08ee20d746a2c445245b75247e772248073431fc30d16a4b9b14

RaccoonStealer

a206d34bbfb7274775956f308ae81339a673c0e894ed55ee1e8e0f01f20ba5fb

RaccoonStealer

e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8

RaccoonStealer

+ 4'590 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:5fe793c8e43ef87135088e3bcd849849dc4845eb stealer suricata

Link:

https://tria.ge/reports/220128-ehdpwsfccq/

Behaviour

Raccoon

suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

Unpacked files

SH256 hash:

4bcd189a219cd3457421b6d9bf6871550bd88f41bdebbb0f29820345eb3e60c4

MD5 hash:

0dc6248df82afcdf3aff1cfbe3fc8caf

SHA1 hash:

8fd4b9cb79cce64630d339e036f7a3faa927d69e

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/5957ce5d-7776-465b-b374-8887d26e30bd/

SH256 hash:

4ccbce27d1b4016ea31edebb61308be776f7ecf267647f80b0a6c3920a80630d

MD5 hash:

ade3699b373eda3954f366cfba3eb4d3

SHA1 hash:

b3dbd9a899eb39a8bc547f04157963ec676b4ec5

Link:

https://www.unpac.me/results/5957ce5d-7776-465b-b374-8887d26e30bd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4ccbce27d1b4016ea31edebb61308be776f7ecf267647f80b0a6c3920a80630d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/224824/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample