MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70cd83eced3b60e635ad7ff6b6e4b0e5140dd60bb6d58d4c34cb269cbdde2733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	70cd83eced3b60e635ad7ff6b6e4b0e5140dd60bb6d58d4c34cb269cbdde2733
SHA3-384 hash:	56d87b0bc5ee19ddf2e66364c7f9255f795a3b9409a9db4038bfe6f7acab693f50bbcdc299e9c928290e0a71cb638607
SHA1 hash:	c0fcea0c28c5b05bf1bf0cfaef01cf26fa3d022a
MD5 hash:	6940c13b08c905c8132204a263d3df95
humanhash:	mango-black-iowa-delta
File name:	RFQUOTE_JANUARY_STOCKLIST_18TH_NEW_Quote.img
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	3'735'552 bytes
First seen:	2021-01-18 18:24:36 UTC
Last seen:	2021-01-18 18:30:39 UTC
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	98304:MLFdLB9kBvaCeXY8iHsdLdxz8dwnfqzj3e7drn:kmJqY8Hxz8dwnSXMNn
TLSH	E906AE1373CC9B1CD3BC56F5A830827067A8AA47A654E238F9FDA4CE5F21958459FBC0
Reporter	abuse_ch
Tags:	img RaccoonStealer

abuse_ch

Malspam distributing RaccoonStealer:

HELO: abchouston.org
Sending IP: 104.168.174.16
From: Jake Burrett <s.gay@abchouston.org>
Subject: Request for Quote
Attachment: RFQUOTE_JANUARY_STOCKLIST_18TH_NEW_Quote.img (contains "RFQUOTE_JANUARY_STOCKLIST_18TH.exe")

RaccoonStealer C2:
puffpuffpuff419.top