MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 722126adc22511871123f3057fcb89f2cc45691a6a6de1eee69c72f19cbdb281. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 722126adc22511871123f3057fcb89f2cc45691a6a6de1eee69c72f19cbdb281
SHA3-384 hash: 9c21df36b4dcc3b94baebf585ea7e87889dc5a209a4029810dacbb0d3f3b041d4a0900b3ef96a6c7e6f2db0e82acd52a
SHA1 hash: 55d43016a151209a4683d3f3409044bbf98e4da5
MD5 hash: 6bbef52e3020630aae2a29b8ab8bd811
humanhash: oven-asparagus-west-venus
File name:6bbef52e3020630aae2a29b8ab8bd811.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:524'800 bytes
First seen:2020-06-08 19:14:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 68a090d46587932eeeaebd36af99137a (4 x AveMariaRAT, 3 x RaccoonStealer)
ssdeep 12288:qq534VsezBJJPNNxJvRcVm5+9C1yOLod:q1PJDFcVm5+3OLg
Threatray 735 similar samples on MalwareBazaar
TLSH 94B4F1113ED1D475E8A3DA3149749781CEBEFC629A315A4B3348260FFC752A0752FBA2
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://35.228.95.80/gate/log.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:16:05 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oiqsnloceuiyoejd6mcx7s4j6lgek2i2njw6d3xgtrzpdhf5wkaq._file
Verdict:
malicious
Label(s):
avemaria
Create hunting rule
emotet
Create hunting rule
trickbot
Create hunting rule
Similar samples:
1bff41245d3c06fabd5873827fbcb439e967ffed497aa0db52abee316c9127c8
RaccoonStealer
25245b47194a6de183579aba5b1c0a58dcf3712bf8cb379feb269932bc2b1f16
RaccoonStealer
5c2f8f5dd381878e8507be2a11eba1118f28f6de24c10b4f2207c04b608f0ed0
RaccoonStealer
6dde139997c94c4a3c9aaf4ce3c8113d67d649c4c5e8bd8da9c5b71a7853e3dd
RaccoonStealer
8092f7adff425c2972f2716e2d31fedb1057c692eb8f0d4ca65d1a97537932a7
RaccoonStealer
a61d49a1253008d99edb3454be53014f5aca06bd41bd70b77ad2266a3579fcbe
RaccoonStealer
af0a3834638be40e679b27b8fe35a494906e3ef293e4ac5b16ceb1d198939d09
RaccoonStealer
c83c246441fe989317d94896673b0727422e96650cd1fc41f86f57797131a17f
RaccoonStealer
e3b99f09f8c197edd4a0bb3953c4b2e7c5590047bf2ccd946b8fd30244c4bfa6
RaccoonStealer
f445d63184908a0dd348bcbde82feb2cd1a2e387099e5df304f1a72f3e214845
RaccoonStealer
+ 725 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-52a5lyqm6s/
Behaviour
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cobalt_functions
Create hunting rule
Author:@j0sm1
Description:Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT
Rule name:Codoso_Gh0st_1
Create hunting rule
Author:Florian Roth
Description:Detects Codoso APT Gh0st Malware
Reference:https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Rule name:Codoso_Gh0st_2
Create hunting rule
Author:Florian Roth
Description:Detects Codoso APT Gh0st Malware
Reference:https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:win_ave_maria_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 722126adc22511871123f3057fcb89f2cc45691a6a6de1eee69c72f19cbdb281

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382233/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/379547/
  
URLhaus
https://urlhaus.abuse.ch/url/372244/
  
URLhaus
https://urlhaus.abuse.ch/url/372685/
  
URLhaus
https://urlhaus.abuse.ch/url/372239/
  
URLhaus
https://urlhaus.abuse.ch/url/372369/
  
URLhaus
https://urlhaus.abuse.ch/url/372103/
  
URLhaus
https://urlhaus.abuse.ch/url/372238/
  
URLhaus
https://urlhaus.abuse.ch/url/372242/
  
URLhaus
https://urlhaus.abuse.ch/url/365947/
  
URLhaus
https://urlhaus.abuse.ch/url/365304/
  
URLhaus
https://urlhaus.abuse.ch/url/364175/
  
URLhaus
https://urlhaus.abuse.ch/url/363091/

Comments