MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60ce6215a7799a4661dea4709e402707cc6d54d30847fd336d038512335424bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RaccoonStealer
Vendor detections: 12

SHA256 hash: 60ce6215a7799a4661dea4709e402707cc6d54d30847fd336d038512335424bf
SHA3-384 hash: 6c402e16f52602e97fb97e733484eb693e8c686690be87be6fa10449e8b3d1d4d96d35b662c22f46083dbe3017c8111b
SHA1 hash: 9191a57c208dd6e01db0399fc1cd1010832e2119
MD5 hash: d6a85c49b8672fd9b80cc96d05f8c631
humanhash: tennessee-muppet-oregon-angel
File name: d6a85c49b8672fd9b80cc96d05f8c631.exe
Signature: RaccoonStealer
File size: 492'032 bytes
First seen: 2021-08-24 16:07:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3bdc58d7d3add14fdfc74404aa032a2d (7 x RaccoonStealer, 3 x RedLineStealer, 2 x CoinMiner)
ssdeep: 12288:MoioHfTuzovtIjw1oRIz8jTxsTIgMsVuEcF:MoRHf5ujMoOYjTxsT84O
Threatray: 2'528 similar samples on MalwareBazaar
TLSH: T101A40200B6B0C533C495557188D5CEA0EA6DB9726FB059873BDCEE9F1F312E1322A35A
dhash icon: 4839b2b4e8c38890 (137 x RaccoonStealer, 37 x Smoke Loader, 30 x RedLineStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch:
RaccoonStealer C2:
http://185.234.247.35/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                       ThreatFox Reference
http://185.234.247.35/    https://threatfox.abuse.ch/ioc/193640/

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 136
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d6a85c49b8672fd9b80cc96d05f8c631.exe
Verdict: Malicious activity
Analysis date: 2021-08-24 16:07:49 UTC
Tags: trojan stealer raccoon loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness: n/a

Behaviour
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 80 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph (graph image not reproduced; the recoverable content follows):
Behavior Graph ID: 470862
Sample: PAl7Ownglk.exe
Start date: 24/08/2021
Architecture: WINDOWS
Score: 80
Top-level signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Raccoon Stealer; 2 other signatures
Process started: PAl7Ownglk.exe
  Network: telete.in (195.201.225.248, ports 443, 49706, HETZNER-AS, Germany); 185.234.247.35 (ports 49707, 49725, 49726, INTERKONEKT-AS, Russian Federation)
  Dropped files: C:\Users\user\AppData\LocalLow\sqlite3.dll (PE32); C:\Users\user\AppData\...\vcruntime140.dll (PE32); C:\Users\user\AppData\...\ucrtbase.dll (PE32); 56 other files (none is malicious)
  Signatures: Tries to steal Mail credentials (via file access); Tries to harvest and steal browser information (history, passwords, etc)
  Child processes: WerFault.exe (3 instances); 7 other processes
    Dropped files: C:\ProgramData\Microsoft\...\Report.wer (Little-endian), one from each WerFault.exe instance and three from the other processes; 3 other malicious files
Threat name: Win32.Backdoor.Convagent
Status: Malicious
First seen: 2021-08-24 16:08:06 UTC
AV detection: 21 of 43 (48.84%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:fe582536ec580228180f270f7cb80a867860e010 discovery spyware stealer
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 91111789e225d0c2623d5ae47fe53ce4016305d6166c02e7f3bb45dfaeb8e95e
MD5 hash: fd7239fab324f34aaa02960120b99421
SHA1 hash: 97c2b2c5a3aba529c54122111cb81b9392fe5265
Detections: win_raccoon_auto

Parent samples:
SHA256 hash: 60ce6215a7799a4661dea4709e402707cc6d54d30847fd336d038512335424bf
MD5 hash: d6a85c49b8672fd9b80cc96d05f8c631
SHA1 hash: 9191a57c208dd6e01db0399fc1cd1010832e2119

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers.

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.raccoon.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RaccoonStealer
Sample: Executable exe 60ce6215a7799a4661dea4709e402707cc6d54d30847fd336d038512335424bf (this sample)
Description: Distributed via web download