MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd
SHA3-384 hash: c6207ee38ffb6b1f4ceceebd82c1be78aaeb291a8b56082c39aedbe1765faf568e4a904d9112399448d3977e3bba5167
SHA1 hash: 96e52d66be84aaab38900ee855b99e0c0e78c56b
MD5 hash: 8c96471e0c39a68c73fcd9cf571b9cdc
humanhash: east-mississippi-asparagus-nitrogen
File name:8c96471e0c39a68c73fcd9cf571b9cdc
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:602'624 bytes
First seen:2021-11-17 03:04:28 UTC
Last seen:2021-11-17 05:14:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 807d42501d7f7832d883135d05fffe34 (2 x RedLineStealer, 2 x RaccoonStealer, 2 x Smoke Loader)
ssdeep 12288:v7a5VOo0AtYC6bl9XoyzoxMFTZyUr3LwNz6cavtY:+jOo0ACbntbTIUrLya
Threatray 4'274 similar samples on MalwareBazaar
TLSH T19FD4E110B6E0C034F1B766F889BA9268B52E7A91677985CF63C41AEE4734AD0FD31317
File icon (PE):PE icon
dhash icon b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8c96471e0c39a68c73fcd9cf571b9cdc
Verdict:
Malicious activity
Analysis date:
2021-11-17 05:27:22 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/0637c1e5-a4ee-440c-a244-72da3584884e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/206688/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.31482.15913.13735.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending an HTTP GET request
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619471624912a8c920a0e7fc/reports/e381e420-1b88-475b-ba45-93edfa541fe1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/64886350-6dbd-4bee-978a-80538b4198ea
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/890933
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-17 00:05:48 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nxtfemk6zajvkyj6lktjr2mtzrcoi3nq6qhoe3tgcovhtlvfzx6q._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
58e55ace1e50d5da54055c0ad559e8b888255a586e363bcf08bb728f9127f318
RaccoonStealer
a6ef4df2da289c7494453df35117b375124fbe5b6dc7d6bc571f4218efc24e8e
RaccoonStealer
bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11
RaccoonStealer
cfe0285c92fd3ba73b574809c128333d493a354b509aafbf9d05402f8f82fc93
RaccoonStealer
d09f1f4d1e5cf1ea2c2ffcf037bb2af20315e592f5c7f6d8692c1b60c2713927
RaccoonStealer
f0c6c81477938fcae74fe57391235d9128ef6b155052c78dcd18904ff702da80
RaccoonStealer
+ 4'264 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:e0a5b6f1f905520b5671c84d59bd182b3eb344c6 stealer
Link:
https://tria.ge/reports/211117-dk69jsdfgk/
Behaviour
Raccoon
Unpacked files
SH256 hash:
9be54f77ed54c6c4721551117ae989037de7d868c271f7ffe2608f7d1df26514
MD5 hash:
b211e0561db06bb188856efda34b0afb
SHA1 hash:
bbe63b1152b5381cc2724b204f177e3c67d70288
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/fdb091de-39dd-4cc3-93dd-304ee189ac4c/
SH256 hash:
6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd
MD5 hash:
8c96471e0c39a68c73fcd9cf571b9cdc
SHA1 hash:
96e52d66be84aaab38900ee855b99e0c0e78c56b
Link:
https://www.unpac.me/results/fdb091de-39dd-4cc3-93dd-304ee189ac4c/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/6de652315ec8/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 6de652315ec81355613e5aa698e993cc44e46db0f40ee26e6613aa79aea5cdfd

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/206688/
  
URLhaus
https://urlhaus.abuse.ch/url/1796540/

Comments


Avatar
zbet commented on 2021-11-17 03:04:30 UTC

url : hxxp://host-file-host0.com/files/4637_1637095941_5016.exe