MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 5 File information Comments

SHA256 hash:	6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba
SHA3-384 hash:	d979a3e35940bae59efd6ba40a9b0bc789e2b38340d48246bf13cd9baa687be90f1336d2185b2e4890288bcc7f53b874
SHA1 hash:	046f370bb5abdaf3045251ae48a87b37c52ed5a4
MD5 hash:	a58b3e10ac4df0f36d36b7572b2fbd68
humanhash:	july-avocado-purple-low
File name:	a58b3e10ac4df0f36d36b7572b2fbd68.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	534'016 bytes
First seen:	2021-06-20 02:31:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b0d3854c557fd79a46b820c312bd2709 (2 x RedLineStealer, 1 x DanaBot, 1 x CryptBot)
ssdeep	12288:yDgUpzDsywB4WJ1EzgYE1elWnP1S44NzsyM:igUtNunEzgF1esnrY
Threatray	826 similar samples on MalwareBazaar
TLSH	D0B4E11066A0D038F0B772F4597A53A9B93E7EB0AB2895CF52CA16EE56345F0DC30367
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://34.105.169.29/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://34.105.169.29/	https://threatfox.abuse.ch/ioc/137379/

Intelligence

File Origin

# of uploads :

# of downloads :

142

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

a58b3e10ac4df0f36d36b7572b2fbd68.exe

Verdict:

Malicious activity

Analysis date:

2021-06-20 02:32:55 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/2b58d288-5791-48ae-bf40-713169097290

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/167105/

Detection(s):

Win.Malware.Trojanx-9871782-0

Win.Malware.Pwsx-9872042-0

Win.Malware.Pwsx-9872132-0

Win.Malware.SmokeLoader-9871694-1

Win.Dropper.Bandook-9871783-1

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b4531399-6b87-48d7-88e7-1f67607d2bca

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/804815

Signature

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-06-16 06:52:36 UTC

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ns67tn7bfj5ehkajzl3hkcujmrkmjwascl6eirhbdyvm3hz3pc5a._file

Verdict:

malicious

RaccoonStealer

4a0f69418fd192f33d63baeb991a343db79af86be3cde253f38b05ac33205d9e

RaccoonStealer

612e83248527b731211cc4161bf7c9bf3c15c59312725ef1285902558c3ceb70

RaccoonStealer

67ee0a1422563807cb5af36dd2527d3e96f5532f34020c0cdacb4325d31d77b0

RaccoonStealer

789e58502db7458fefcde8f8f920dfbf9299461146828ddba1b57d191b07e9c9

RaccoonStealer

b2c71a3b927301a484057e79c1d8a08c45512181b6378ca2627d34ddec49d4f4

RaccoonStealer

b46bcadf27236d47a847bf4d96e24db984c7f61485b0eec1f97ca1e3c3ac4079

RaccoonStealer

b751a245f558db84cf77e46e473073e2dd23fbde9f9d150d63e525bbf4b88e8c

RaccoonStealer

b82b210a1ead0d52042310991c59e3417ea2606f00591b7bd4440e8d23d31f88

RaccoonStealer

cce83bbb9fcc128a53c6f788a976bce242447d6c73deb097002ce9bb45b89cd0

RaccoonStealer

+ 816 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210620-dk3l5td7xa/

Behaviour

Modifies system certificate store

Unpacked files

SH256 hash:

563e287fab45f375fe269fd3489f75da5aaf0f729a6bd6b9739b250939c6d340

MD5 hash:

067ee76aeed78295fbdb41a3332a6cc0

SHA1 hash:

9e76494fcc0955211b529ee93e3feeb1262242f8

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/7f8dc930-cda4-4301-b186-f303e655faf4/

Parent samples :

6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba
3ac315d081c5f415b514924f875a97c8e7a74d94a2610a079e4ccb66f9251ea7

SH256 hash:

6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba

MD5 hash:

a58b3e10ac4df0f36d36b7572b2fbd68

SHA1 hash:

046f370bb5abdaf3045251ae48a87b37c52ed5a4

Link:

https://www.unpac.me/results/7f8dc930-cda4-4301-b186-f303e655faf4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6cbdf9b7e12a7a43a809caf6750a896454c4d81212fc4444e11e2acd9f3b78ba

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/167105/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample