MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 588feeb1450290658dc8c433c098a381b3a0e1986473d01ebeb350718f7fd743. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 13


Intelligence 13 IOCs 1 YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 588feeb1450290658dc8c433c098a381b3a0e1986473d01ebeb350718f7fd743
SHA3-384 hash: ae05581447c2d6e9c19c7ed3ea910a04f8a4dbefed825dec9e86be6bb6ff8fcfeb2494696a2a19befaba36ce86796a1e
SHA1 hash: 7156036f2b976e6300b932bcd08ce32f3596008f
MD5 hash: ba9f814e904ccf15bedcecca93cba985
humanhash: edward-six-princess-fix
File name:ba9f814e904ccf15bedcecca93cba985.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:581'632 bytes
First seen:2021-12-03 16:25:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f7a4afcdf813f5294fbbf20bc23d8f02 (3 x RaccoonStealer)
ssdeep 12288:ygk2kFdddKvOn3rn0Gq/1nmrcD94AsuxWXFeLkQJIIdSOLzjyQH1:ygXidKOn3rn0R1nmrc6uxIJXOei1
Threatray 4'383 similar samples on MalwareBazaar
TLSH T131C49E6679718077F07200B0AEBCA7A1567DBCB00A624DA773C9063D4FB15D29722B7B
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://194.180.174.55/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://194.180.174.55/ https://threatfox.abuse.ch/ioc/258826/

Intelligence

File Origin
# of uploads :
1
# of downloads :
279
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ba9f814e904ccf15bedcecca93cba985.exe
Verdict:
Malicious activity
Analysis date:
2021-12-03 16:30:15 UTC
Tags:
trojan stealer raccoon
Link:
https://app.any.run/tasks/1c1c1d42-9ffd-436f-84d8-f81dc70b0f3a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/211095/
Detection(s):
Win.Malware.Raccoon-9892387-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware hacktool raccoon raccoonstealer racealer
Link:
https://www.filescan.io/uploads/61aa451d47ed217c01300d78/reports/9ff309ef-05e8-4550-a196-c286e27b6fed/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/63a970c2-04bc-4c6a-8d18-c9c94aa4e8c0
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/901023
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/588feeb1450290658dc8c433c098a381b3a0e1986473d01ebeb350718f7fd743/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2021-11-26 23:29:06 UTC
File Type:
PE (Exe)
AV detection:
35 of 45 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lch65mkfakigldoiyqz4bgfdqgz2bymymrz5ahv6wnihdd3725bq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
057c94c9a7d7d2f63911469b1c25fac5b374d9f54a0d57319820df2496938bbd
RaccoonStealer
28f5fb04e33ee8f3257b1a2c6f4ade3f281b0d474eea4bdde2abe622a1b11994
RaccoonStealer
51160ae1edfcf45c5e3e6e1bedc4a5bdcfc27d5e23cb08c511ecd43b816b4c08
RaccoonStealer
80cc4b9b573e536f8894ddbd23c69e2950629d0a29b0b19a12a4412f00ab6ae4
RaccoonStealer
87da691d7cc3e60c8cfcdd20e2499c1e37e21a615e6e3ec4a0317a3af0227ada
RaccoonStealer
8a238409c8e182cc005bbca9233803149db3d0260d5246112f8b68c5a1dfa54d
RaccoonStealer
c5d5a28565277162bc72399c71d38bf329be3a8e5b34140447212533c06a2be2
RaccoonStealer
d09f1f4d1e5cf1ea2c2ffcf037bb2af20315e592f5c7f6d8692c1b60c2713927
RaccoonStealer
+ 4'373 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:de36ca8013e41f960c4c4fdf7fb07850af4390f4
Link:
https://tria.ge/reports/211203-txhdyshadm/
Unpacked files
SH256 hash:
588feeb1450290658dc8c433c098a381b3a0e1986473d01ebeb350718f7fd743
MD5 hash:
ba9f814e904ccf15bedcecca93cba985
SHA1 hash:
7156036f2b976e6300b932bcd08ce32f3596008f
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/3e3364b1-d87a-4561-88ac-90cd1b46c191/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/588feeb1450290658dc8c433c098a381b3a0e1986473d01ebeb350718f7fd743

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/211095/

Comments