MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

Intelligence 13 IOCs 1 YARA 2 File information Comments

SHA256 hash:	587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f
SHA3-384 hash:	9ad9d123bc7ef33948acf8d01231cc85bf7c001fff34762deada640c3cbad88771e77d58248ffedca03a89cb27a82fdd
SHA1 hash:	1fd3aff485b9af228894a560cfd6f6f9eb142b17
MD5 hash:	f2710804050ae52b971441e51ceb44f8
humanhash:	florida-fix-fillet-burger
File name:	f2710804050ae52b971441e51ceb44f8.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	546'816 bytes
First seen:	2021-09-03 05:35:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f98082b3dd4af392746814cb64f8deec (2 x RaccoonStealer, 1 x Glupteba, 1 x Amadey)
ssdeep	12288:ajIN5UY0Hw+7anByTaLxeLMWYi8kFcGD6ROEDdMIwJpewcinYXaKmV6:hUY0Hw+7/MWYWmGD6RODpezinYXa3V6
Threatray	2'791 similar samples on MalwareBazaar
TLSH	T16DC4E020BAA0C435E4E713F558B987A8AB297DB15B2440DF62C637AE17346E4DC3067F
dhash icon	ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://5.181.156.221/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://5.181.156.221/	https://threatfox.abuse.ch/ioc/213378/

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

f2710804050ae52b971441e51ceb44f8.exe

Verdict:

Malicious activity

Analysis date:

2021-09-03 05:36:20 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/996a3c20-e380-4879-b346-53111fdcfd68

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/185014/

Detection(s):

Win.Malware.Generic-9887080-0

Win.Malware.Generic-9887275-0

Win.Packed.Generic-9887276-0

Win.Dropper.Fragtor-9887285-0

Win.Malware.Raccoon-9887772-1

Win.Dropper.Raccoon-9888227-0

Win.Packed.Fragtor-9888470-0

Win.Packed.Generickdz-9889118-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/18b09768-f72a-4079-9345-e02c55202026

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/844526

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2021-09-03 05:36:11 UTC

AV detection:

35 of 43 (81.40%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=lb7a7ng7uzkpuehlgitvn7xd5vp3bv6f5eb2b47jpajkqioy6e7q._file

Verdict:

malicious

RaccoonStealer

55eebe9d7ba942dc7e308f277389bc5f4412fba5c828c2b1b154a1bc3b514dbf

RaccoonStealer

5fc5ab3f922510924c13f1018ba4d5d94f990f3885da41d68a38603020cf9b27

RaccoonStealer

6b1bfe99b9172556bf604f1635b3251f8087d016e6c401330f2d8bd7910694f3

RaccoonStealer

a486da5d4b90a37ab4e1f6bf3160af7f355d4eb1dc4466a8b48a1297ba1ea53a

RaccoonStealer

a7062fb3a21fa88712e225861e57c12bb081bf13526e61f083f84ebeeecbc77f

RaccoonStealer

b404e518d5bf0a7517799d7d71e6269c2cd561a569266344b8b6b5f0f6da9db7

RaccoonStealer

f33f279fa9d8a9fe9b955d363bdbf03b706d091d66e2a9130e2a59d06cdb83eb

RaccoonStealer

+ 2'781 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:00bdd6858c3856861f0d81937643f61ec7429443 stealer

Link:

https://tria.ge/reports/210903-galrmsffam/

Behaviour

Modifies system certificate store

Raccoon

Unpacked files

SH256 hash:

dd7394b77385b6da2aad4c59c5fe520c4f46fa765270b49ffcbcaa007a4d7f36

MD5 hash:

f5324234af08137ff5e8bb6a657c1448

SHA1 hash:

5e7740280a5e37338a06bad5927aeb5a5f699709

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/a40c830f-a0c7-4395-8b21-d7df513ca8a3/

Parent samples :

b0ccf88d4b5ae968794c601fd99c0af9c61d617693cdb9de743ca03a199c1ea2
e86a4604ef8b8aa51de835f29953cee41ab8ebdbb0a67c820ab37f2642237e77
cb0431843a465580af16a0fd3eac32bab34c3e52ee3951a50ac3d4c0d709d730
f6fa1e0673d37677b081dfe83a4a693038ce0a68d7c4715a3ee8f2086e3b64c1
69148105747e1f74106dfb122777b7b91ea987e691403d1e13e2a290158f5260
eb711eee5afe353053bb43ba1f4dc8f3892b471f16c79a28c9bef8f974019fd8
ea435f8deba53b4fd4a17dfd99f6d41ec709667aa0c79fd2ba8d5e896e93a0e3
f006a4c59daf7922ed92456c39741cd47d0c7e277473551a7b78442b2bec29a4
377d7bd0bb633c59150a6166eb415c8ecfea50076139ec717c263e10b50869f3
4242c220acc9cf21fad9e94af84777d0dabcaa7e7d828d604c780c276be87bdd
587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f

SH256 hash:

587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f

MD5 hash:

f2710804050ae52b971441e51ceb44f8

SHA1 hash:

1fd3aff485b9af228894a560cfd6f6f9eb142b17

Link:

https://www.unpac.me/results/a40c830f-a0c7-4395-8b21-d7df513ca8a3/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/587e0fb4dfa6/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/587e0fb4dfa654fa10eb322756fee3ed5fb0d7c5e903a0f3e97812a821d8f13f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/185014/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample