MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52bfb01a8cb2ad9893c08a518653e33f7382c7f0419461e983af6523b67a6dcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 3



SHA256 hash: 52bfb01a8cb2ad9893c08a518653e33f7382c7f0419461e983af6523b67a6dcd
SHA3-384 hash: ff962c2227163530859099c16b21efff3ff5f316c820b29e672cafa2dfce2dba102071ae47cfae91028391c8ccf5855c
SHA1 hash: 9b769d6f1b2a3dccaa819678c8422000774de95f
MD5 hash: 17f5e05c0bff43379a3a1c3720797000
humanhash: four-maine-nine-apart
File name: 17f5e05c0bff43379a3a1c3720797000.exe
Signature: RaccoonStealer
File size: 691'712 bytes
First seen: 2020-05-16 11:22:36 UTC
Last seen: 2020-05-16 12:19:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 658b8b49105b4637f9854f5572bf6da7 (1 x RaccoonStealer)
ssdeep: 12288:d+QdgsrrctWeNV2Bo3+b3yJ3VwqYs60e4d61bC/lqHVLVEPr+w:MBOQtWeNVv+uCqH6v9C0pgr+
Threatray: 295 similar samples on MalwareBazaar
TLSH: 53E4F001F3E1D631E5770EB65EBD87A49E7AB902BD3112CE23466E0F99723E14902397
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-15 23:03:54 UTC
File Type: PE (Exe)
Extracted files: 74
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: RaccoonStealer, Executable exe, 52bfb01a8cb2ad9893c08a518653e33f7382c7f0419461e983af6523b67a6dcd (this sample)

Delivery method: Distributed via web download
