MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868
SHA3-384 hash: c1cda08c76c1444a632cfddf286747e907c183fb2b6af8e08a3c1e04afd08ea0c98a1aa2270e07f603d16c0fdbcd6b3a
SHA1 hash: 0e05d70debe1bba22a8012f15b2ae989d1280fa4
MD5 hash: f4d345160854af4c4ef11a99e6c8c445
humanhash: nitrogen-autumn-carpet-sodium
File name:f4d345160854af4c4ef11a99e6c8c445
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:9'207'608 bytes
First seen:2023-01-25 03:52:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab329f8f72fc310f12d40c1ee53207e9 (1 x SystemBC, 1 x RaccoonStealer, 1 x Arechclient2)
ssdeep 98304:JzGeR/R0kIE/WqoMpk2pWzy7k1Yw9xLWjsAKU8MuT2DbAOocP8MUXIj3f+79Vvif:wU/J/1fWzyOYR9giRZJa1fKsD1LSZoa
Threatray 195 similar samples on MalwareBazaar
TLSH T11F962362F54822C6D4BA883A4737FD95F0B657DA4681883C14CDBCF536F29E8D60268F
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 82c0a2aaaaaaaac0 (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
272
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f4d345160854af4c4ef11a99e6c8c445
Verdict:
Malicious activity
Analysis date:
2023-01-25 03:53:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1309d8bf-4687-49bc-877e-a2d6d44b8cda

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/356600/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/62905/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed redline virus
Link:
https://www.filescan.io/uploads/63d0a7a196add6d1cf4879f6/reports/96b1bba5-7988-4580-85b8-63c10f958fe2/overview
Result
Verdict:
MALICIOUS
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d89a834e-1be0-41d4-8d87-8b8fd11edf51
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1158462
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Query firmware table information (likely to detect VMs)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868/
Threat name:
Win32.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2023-01-25 03:44:46 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
14 of 37 (37.84%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lc2bljbbdnfla4kmwropzewmpe6d62wywfatyx4dedh4o625fbua._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
20ac0c20a2ef71864092cdbcdb32bb637cf76abd2ebfc5b351a6c188b9dfd05d
RaccoonStealer
2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29
RaccoonStealer
712c853955c56e27e3e4538978fa89018cdc5e5f56944ea0da2fc1a672adc73c
RaccoonStealer
a53f2bbe349eb40e02353375416cb15b0723606a9909b33f7930af9c82175fbf
RaccoonStealer
b62f5066357d2dfc94dec4d902f68f6e9e98a19a9aea6fb70d2811de384fd7a1
RaccoonStealer
c91e0e2bdcbfabbe34e3106b1f0efce7635b6a7ec07835fca4d16677feb39ea5
RaccoonStealer
dc401554533938f33c0c6cf36246e4fc21dc687d2d3f2925bfa9f7d62a2c5fbe
RaccoonStealer
+ 185 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/230125-efm6jsge6w/
Behaviour
GoLang User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868
MD5 hash:
f4d345160854af4c4ef11a99e6c8c445
SHA1 hash:
0e05d70debe1bba22a8012f15b2ae989d1280fa4
Link:
https://www.unpac.me/results/4f9825a6-e546-4799-830f-6c282aaa0fbe/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 58b415a4211b4ab0714cb45cfc92cc793c3f6ad8b1413c5f8320cfc77b5d2868

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2517718/
Cape
Cape
https://www.capesandbox.com/analysis/356600/

Comments


Avatar
zbet commented on 2023-01-25 03:52:36 UTC

url : hxxp://157.90.251.179/avicapn32.exe