MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d
SHA3-384 hash:	91bb56a7223b2c2fea0ed839de3a5edf7107ec1fac6101cbb666ccc27af5c8079c067f4e2d892122429c22f6a6bb6a83
SHA1 hash:	93c5cc0bd5297434c7a087416275385af24311f6
MD5 hash:	0723b2b5fdd61440a5192c0ad4b93184
humanhash:	potato-mockingbird-failed-whiskey
File name:	0723b2b5fdd61440a5192c0ad4b93184.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	441'856 bytes
First seen:	2021-11-06 10:54:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	df20e941b7aae524e8c7295e606402fe (3 x RaccoonStealer, 1 x CoinMiner, 1 x RedLineStealer)
ssdeep	6144:ycUpbAYtlza/jTDioQ9uRNEfwhhqULp7zRHUAg+nWcTTND2PjiEHf8L/fRM:ycUpkYtQ/3OoVRG4Dt7aAg49TNzLXR
TLSH	T19A94020473E0CC35E5E706309C34D6A15A7BBDB29535C98B7B543F2A3EE26C08A257A6
File icon (PE):
dhash icon	480c1c4c4f590b14 (113 x Smoke Loader, 92 x RedLineStealer, 83 x Amadey)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

152

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/202897/

Detection(s):

Win.Trojan.Generic-9906289-0

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61865f062084b424af0c3e46/reports/7fbe1888-4785-46df-ae00-8c86aaefe621/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ce0c1f0d-b0e4-40d9-bdce-0af5f4058861

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d/

Threat name:

Win32.Trojan.CrypterX

Status:

Malicious

First seen:

2021-11-06 10:55:07 UTC

AV detection:

22 of 45 (48.89%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=khwbhgds5zth4g4t4v455qpxnssyvli5unxf6tfdgeiaungmd2oq._file

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Link:

https://tria.ge/reports/211106-mz5hyabecr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

181bbb28e9335af8d92e0faf0da7ae19ad664f9c855841d6bc89d73f3d125027

MD5 hash:

a5a90453b002438070f319627cfe374e

SHA1 hash:

65adabe7ea17a30c6a701abe3515bd2ca8ff6757

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/78a1524c-6f78-47ed-8290-eef39264ac47/

Parent samples :

6373657d8707b7051ba7f51ad64cf4f609fa9f3f724767d90c6c925d68b19f5f
406e554133aaa471bbb6fee0d5de06a937a53073d2a97117a768612388bdeefd
51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d
18766c4e4e8161f71cfcb98a700ad53866a75d29fb67898e866e0bbc0d95bba8
b7a9dde08c301151706450934b914bfdbbffe7743847551dcd36fc1e5780652b
0f2db91b5b581e397e793cbfa45436ea0a13a4cb9aa734cb820208f8bf9a51af
596e838294aa3618fd5a6e8d71ae615f549a9df857745c41515134f748f68ef3

SH256 hash:

51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d

MD5 hash:

0723b2b5fdd61440a5192c0ad4b93184

SHA1 hash:

93c5cc0bd5297434c7a087416275385af24311f6

Link:

https://www.unpac.me/results/78a1524c-6f78-47ed-8290-eef39264ac47/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/51ec139872ee/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe 51ec139872ee667e1b93e579dec1f76ca58aad1da36e5f4ca331100a34cc1e9d

(this sample)

Cape

https://www.capesandbox.com/analysis/202897/

URLhaus

https://urlhaus.abuse.ch/url/1738451/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Unpacked files

File information

Comments

Login required