MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58a4a025ed89814733e8c04a72fe10f46fa06ee1a0b81a74436731e5baf0fb42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: 58a4a025ed89814733e8c04a72fe10f46fa06ee1a0b81a74436731e5baf0fb42
SHA3-384 hash: 8b53f3038e8c22ebc27b55243cc077bbd71ad19f5f7239d0fbc096d4e0680f0ddf7cf5b1f1b416b9d18011037c21c25c
SHA1 hash: 5097794c29dbd6a551a57ad86c9ce6b11ea0eba9
MD5 hash: c7f80490fb31359ad9b3e1845eac8d09
humanhash: tennessee-echo-early-alaska
File name: c7f80490fb31359ad9b3e1845eac8d09.exe
Signature: RaccoonStealer
File size: 433'152 bytes
First seen: 2021-08-29 15:14:16 UTC
Last seen: 2021-08-29 16:00:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4b4c01f67f5c879ace9f9895fe619c9c (2 x RaccoonStealer)
ssdeep: 6144:dn1yycr50lzUyEnA2qCQ1tmiPwjEONc5BdNNy7Y1he1OO03kaV/LCZfAsI5/:hKGCjqCTiPSEONcfbS1NQXV/LCZJc
Threatray: 3'186 similar samples on MalwareBazaar
TLSH: T11A9401C5F5B5C136D5C256B18C6AD191266BFD20DA31818B36B80FAF3EB26C08A3D357
dhash icon: 4839b2b0e8c38890 (105 x RaccoonStealer, 38 x Smoke Loader, 33 x RedLineStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 140
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: c7f80490fb31359ad9b3e1845eac8d09.exe
Verdict: Malicious activity
Analysis date: 2021-08-29 15:16:57 UTC
Tags: trojan stealer raccoon loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Query of malicious DNS domain
Sending a TCP request to an infection source
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 88 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.Raccoon
Status: Malicious
First seen: 2021-08-29 09:35:08 UTC
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:fe582536ec580228180f270f7cb80a867860e010 discovery spyware stealer
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 91111789e225d0c2623d5ae47fe53ce4016305d6166c02e7f3bb45dfaeb8e95e
MD5 hash: fd7239fab324f34aaa02960120b99421
SHA1 hash: 97c2b2c5a3aba529c54122111cb81b9392fe5265
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: 58a4a025ed89814733e8c04a72fe10f46fa06ee1a0b81a74436731e5baf0fb42
MD5 hash: c7f80490fb31359ad9b3e1845eac8d09
SHA1 hash: 5097794c29dbd6a551a57ad86c9ce6b11ea0eba9
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 58a4a025ed89814733e8c04a72fe10f46fa06ee1a0b81a74436731e5baf0fb42

(this sample)

  
Delivery method
Distributed via web download

Comments