MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 14


Intelligence 14 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c
SHA3-384 hash: ec6cacc5cfcaf5a8ccb01080203201127599a112daead6b6d23ee7388841765a615cef3ba2dc9e1c37206d187b98eb9b
SHA1 hash: 96f4f6bd02dd904fa0e4d3896716b610a8444c9c
MD5 hash: c49eb2d008d3cfd7d32b75be6d0a3704
humanhash: fourteen-pasta-asparagus-dakota
File name:c49eb2d008d3cfd7d32b75be6d0a3704.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:427'520 bytes
First seen:2021-11-04 09:45:18 UTC
Last seen:2021-11-04 11:47:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1e9673fd053a72437930c0bf72ec70cb (3 x RaccoonStealer, 2 x Loki, 2 x RedLineStealer)
ssdeep 12288:qixCwDTt0mfNvyrmm+tnSjKIJBijldtcF:V1FNM+tSeigjV0
Threatray 4'094 similar samples on MalwareBazaar
TLSH T15194011175A2C034D2E313318A75C2B51A7BB963677094BF7BA06B3F2D705C09A7A397
File icon (PE):PE icon
dhash icon 480c1c5c4b594904 (3 x Amadey, 3 x Smoke Loader, 1 x RaccoonStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://91.219.236.143/ https://threatfox.abuse.ch/ioc/243036/

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c49eb2d008d3cfd7d32b75be6d0a3704.exe
Verdict:
Malicious activity
Analysis date:
2021-11-04 09:49:09 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/85de14ee-729f-4d29-a8e3-4cad1656ab27

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/202195/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.26952.23550.10902.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6183abdd9982ff7c3f7f98bd/reports/e32b42a6-cf5c-412c-9b4c-c12cedd76945/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/910be5fd-43a5-4328-a484-6b39f923faaa
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/883007
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-04 09:46:06 UTC
AV detection:
23 of 44 (52.27%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mk3l6f2kka5bdm6dmi6j6egv3feq25fxknmqrdqzsrrh4bcoza6a._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
054d065a043de44f5e5630f3714057e58ac6350f68257170edf505388b30886f
RaccoonStealer
5951ad0c4ceb22f67645e5fc7e45aeef476cc7f092c82f53a0ea10912eaa82a4
RaccoonStealer
88528d9c937298a60f831e75aa132d9d4034a69377d2b25b28b7a1624bb0c73b
RaccoonStealer
b0dd5858056c0f3b57748faeadbb2d64cc104c5e7139a79f5413c8b161fa73a1
RaccoonStealer
d8954e41c48d31ed2ba00ff97fc184cbf0a7621f7c387ad6a74b6e746bf034dd
RaccoonStealer
+ 4'084 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:7f5e74ef728ec0152fecbef9e1e80b3c9538dddf stealer
Link:
https://tria.ge/reports/211104-lrmsgsgbg6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
33b19c11e05e49c4a822ea8eb715f109f25662c33d566a760f0ccd9d02ef10c6
MD5 hash:
363dd298fe625684d4621238f05db7ae
SHA1 hash:
060fec985a6f7197fea3b79cf52734e3af063dc1
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/823ae72f-c90b-4b64-8dbf-a960b1a2739f/
Parent samples :
62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c
f17772098183172d840f6a921509319be81f980575d2771db2bd976df6f997fa
cc74bff4ba31ec6b5eaea327beca16edb82f6701bb689c85a93707c34faea80f
c8a6646c5f9d3a74b2c5bfb72dae6c67934f13179374851c988f67ba10573419
6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16
SH256 hash:
62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c
MD5 hash:
c49eb2d008d3cfd7d32b75be6d0a3704
SHA1 hash:
96f4f6bd02dd904fa0e4d3896716b610a8444c9c
Link:
https://www.unpac.me/results/823ae72f-c90b-4b64-8dbf-a960b1a2739f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/62b6bf174a503a11b3c3623c9f10d5d9490d74b75359088e1994627e044ec83c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/202195/

Comments