MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

SHA256 hash: 6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16
SHA3-384 hash: f8048ae370943645d5ffcf7ed44b54700bc6b565d0de38d0a1c52d3176c1d03c93c12db5fb19d7a3f3a9d53d763f9449
SHA1 hash: 9e3828d0c889149ff93d49fddb44bee68d732ca0
MD5 hash: 9776b6f9b63c68a0748c61b7449207e3
humanhash: muppet-artist-oscar-may
File name: 9776b6f9b63c68a0748c61b7449207e3.exe
Signature: RaccoonStealer
File size: 607'232 bytes
First seen: 2021-11-05 09:24:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f328df869bbb6ffcb0b5674378a112d8 (shared with 4 x RedLineStealer, 4 x RaccoonStealer, 1 x Smoke Loader)
ssdeep: 12288:MRems1ZkmZlvzuCdMUzC/BI1lchAOQ1Vwto5JpgWARMb7Xu45h2CkT491:cbc5LCCd+4DR5JqWARMbju45h2CW4j
TLSH: T1D8D4D01076A1C039F1B212F479769378F53E7DA1AB2454CB62D62AEE5A346E0FC71307
dhash icon: b2dacaaecee6baa6 (shared with 23 x RedLineStealer, 22 x Stop, 13 x Smoke Loader)
Reporter: abuse_ch
Tags: exe RaccoonStealer
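Before detonating a copy of this sample, confirm that the file you obtained is the one the entry describes. The script below is an added example, not MalwareBazaar code: it hashes a local file once with all four algorithms listed above (MD5, SHA1, SHA256, SHA3-384), checks the size against the entry, and reports per-identifier matches. The expected values are copied from the entry; everything else is standard-library Python and assumes nothing about the host beyond that.

```python
"""Verify that a local file is the sample described by this MalwareBazaar entry.

Added example (not MalwareBazaar code). Standard library only; the expected
values below are copied from the entry above.
"""
import hashlib
import io
import sys
from pathlib import Path

# Identifiers taken from the MalwareBazaar entry for this sample.
ENTRY_HASHES = {
    "md5": "9776b6f9b63c68a0748c61b7449207e3",
    "sha1": "9e3828d0c889149ff93d49fddb44bee68d732ca0",
    "sha256": "6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16",
    "sha3_384": "f8048ae370943645d5ffcf7ed44b54700bc6b565d0de38d0a1c52d3176c1d03c"
                "93c12db5fb19d7a3f3a9d53d763f9449",
}
ENTRY_SIZE = 607232  # "607'232 bytes" on the entry


def digest_stream(stream, algorithms=tuple(ENTRY_HASHES), chunk_size=1 << 20):
    """Hash a binary stream in one pass, feeding every algorithm the same chunks.

    Returns (digests, size) where digests maps algorithm name -> lowercase hex.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def verify_sample(data: bytes, expected=ENTRY_HASHES, expected_size=ENTRY_SIZE):
    """Compare computed digests and size against the entry.

    Returns (all_ok, info); info carries the computed digests, the size and a
    per-check match dict so a caller can see exactly which identifier disagreed.
    """
    digests, size = digest_stream(io.BytesIO(data))
    match = {name: digests[name] == expected[name].lower() for name in expected}
    match["size"] = size == expected_size
    return all(match.values()), {"digests": digests, "size": size, "match": match}


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <extracted sample file>", file=sys.stderr)
        return 2
    ok, info = verify_sample(Path(argv[1]).read_bytes())
    for name, value in info["digests"].items():
        print(f"{'OK ' if info['match'][name] else 'BAD'} {name:8s} {value}")
    print(f"{'OK ' if info['match']['size'] else 'BAD'} size     {info['size']}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

MalwareBazaar serves downloads as a ZIP protected with the password `infected`; extract it inside the isolated analysis environment and point the script at the extracted `.exe`. A non-zero exit means at least one identifier or the size disagreed with the entry, which is the signal to stop and work out what you actually have before running it.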

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 9776b6f9b63c68a0748c61b7449207e3.exe
Verdict: Malicious activity
Analysis date: 2021-11-05 09:36:43 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary; depending on context, the presence of a binary is suspicious or malicious.
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.evad
Score: 88 / 100
Signatures:
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.Krypter
Status: Malicious
First seen: 2021-11-05 09:25:08 UTC
AV detection: 22 of 44 (50.00%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:7f5e74ef728ec0152fecbef9e1e80b3c9538dddf stealer
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16
MD5 hash: 9776b6f9b63c68a0748c61b7449207e3
SHA1 hash: 9e3828d0c889149ff93d49fddb44bee68d732ca0
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Malware family: RaccoonStealer
File: Executable exe 6b620aeca6e31d22b5e1d4f0b813b7669e41623dc080c5adb1a9ea096a7a7a16 (this sample)
