MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 3 File information Comments 1

SHA256 hash:	68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc
SHA3-384 hash:	71ed9afbf39c51d7ef6f12383d42a2a4be18bf79fc4478ef05b9c437e27799c1338e8800b4f330f5c86238f2f77ea866
SHA1 hash:	3d44aebef07dc4dcc15b662258a43289ec6668b7
MD5 hash:	90a831a2842a358a74af4cd49c7240c3
humanhash:	quiet-kitten-earth-south
File name:	90a831a2842a358a74af4cd49c7240c3
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	579'072 bytes
First seen:	2021-11-28 11:21:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6b58ad35108d9be73edec2b533f16298 (1 x RaccoonStealer)
ssdeep	6144:y93v80EPZdeOiZBadxHs+d2UXUuBwj4n/mo3A6eM+Va/mcKK8dgrkabVQzRMSpZm:2vsd2EJ2UXUuoro3v/ucKK8dgr1QzHm
Threatray	4'363 similar samples on MalwareBazaar
TLSH	T102C4E110A7F0C034F5BF52F899B993B4A52E39A1AB6490CF62D527EA67346D1EC31307
File icon (PE):
dhash icon	5012b0e068696c46 (8 x RaccoonStealer, 8 x RedLineStealer, 6 x Smoke Loader)
Reporter	zbetcheckin
Tags:	32 exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

165

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

90a831a2842a358a74af4cd49c7240c3

Verdict:

Malicious activity

Analysis date:

2021-11-28 11:24:18 UTC

Tags:

trojan stealer raccoon loader

Link:

https://app.any.run/tasks/5c1a22c4-81a4-45ea-a5fb-e235f48f8dbd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.38132951.22560.23782.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending an HTTP GET request

Sending an HTTP POST request

Launching the default Windows debugger (dwwin.exe)

DNS request

Sending a custom TCP request

Searching for the window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61a3665cbbfd2af97cb73f7d/reports/40df818c-26ea-4121-b95f-1cf95a90b4c2/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1a71ab37-2937-4cd5-b0e9-c4f8c6260995

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc/

Threat name:

Win32.Trojan.Chapak

Status:

Malicious

First seen:

2021-11-27 18:15:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 44 (61.36%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ndlbmrhx2yyeuzyplpvqr5zlp5gm76khnc53uy3brmzzl35nbxga._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

976b30ed3b9f1a8f02bac54aac1876534fd55ee277ca288c972774f20051f055

RaccoonStealer

aaecc6d2397e862afe8e60769d28847e1a634954d2c003f5a9975262d66ba47f

RaccoonStealer

dd342468231a6e7e5cd08f7003da4185736c258be4cd0ecd61ff119d664c6b9b

RaccoonStealer

fa30571b12211c46fc47639a9d4df6fdeacc8ea6ecffd0a3022f82ffe43d50b1

RaccoonStealer

ff0b4793d0a5080966f28c746fb402ad56931a967dce572d3c2f8ddbd4b7acb8

RaccoonStealer

+ 4'353 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:b620be4c85b4051a92040003edbc322be4eb082d stealer

Link:

https://tria.ge/reports/211128-ngklgshcdj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

9e166608fd14618b17f23266784c1ba85735fe33af8dd7c4a341beecb6a5d9d0

MD5 hash:

aeefcda83a1e05d4c568cb94e023d9eb

SHA1 hash:

ceca52d585b22485fc7b2427127334ffb0c4b7d0

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/b4a93664-2ce0-4d44-b40e-a94f2532b7e6/

Parent samples :

68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc
a68f787d330808769f87c48f03f9da428bba40595757cd045535b20c7d66d53e
56283f214f84bf23a55813990e2147767f71a61c6158ed1e5e9178527a6f90f1
919ccc1f90bae8d58cc6ef51359e15af853de90a7083c640b5c2a99eb1a61281
5676e0a540f1996d4866fe92847a70f40b43a8d7a2e4622053126f4b19e318ea

SH256 hash:

68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc

MD5 hash:

90a831a2842a358a74af4cd49c7240c3

SHA1 hash:

3d44aebef07dc4dcc15b662258a43289ec6668b7

Link:

https://www.unpac.me/results/b4a93664-2ce0-4d44-b40e-a94f2532b7e6/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/68d61644f7d6/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Raccoon stealer payload

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe 68d61644f7d6304a670f5beb08f72b7f4ccff94768bbba63618b3395efad0dcc

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1828078/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2021-11-28 11:21:49 UTC

url : hxxp://coin-coin-coin-2.com/files/2500_1638020018_4704.exe