MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75114eeae6429f297193678413f5523eea5e25474745d3c9f29f3a519143a3f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: 75114eeae6429f297193678413f5523eea5e25474745d3c9f29f3a519143a3f3
SHA3-384 hash: 9bc758ccf68238c79563381c455c9f3419abb0cf99a991bfdebe462fb157706041809d240f0a7ce6bad43d56267236ee
SHA1 hash: 11a8bdaa7c59c4bbb36a54bae512bfc0949a0dcf
MD5 hash: eb22078b4d2f887040af83ea9e7d1cf4
humanhash: spring-minnesota-solar-mars
File name: 75114eeae6429f297193678413f5523eea5e25474745d.exe
Signature: RaccoonStealer
File size: 565'760 bytes
First seen: 2021-09-14 06:50:44 UTC
Last seen: 2021-09-14 08:09:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: aed329e4dacd07dcd744859ead4f9693 (4 x RaccoonStealer, 1 x ArkeiStealer, 1 x RedLineStealer)
ssdeep: 12288:y/PgRqIKC+eY+fSCQesnmpjDEJZl3nyRuKi0f:kaqIF/6CQjnmpc35yRuKPf
Threatray: 3'131 similar samples on MalwareBazaar
TLSH: T18AC4E030A7A0C035E1BB11F499BA937C6A2E79B15F3094CF62E456EA17782E4DC31397
dhash icon: e8e8e8e8aa66a489 (12 x RaccoonStealer, 5 x ArkeiStealer, 3 x Stop)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://94.158.245.117/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox Reference
http://94.158.245.117/   https://threatfox.abuse.ch/ioc/221022/

Intelligence


File Origin
# of uploads: 2
# of downloads: 183
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 75114eeae6429f297193678413f5523eea5e25474745d.exe
Verdict: Malicious activity
Analysis date: 2021-09-14 06:55:09 UTC
Tags: trojan stealer raccoon loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:

Threat name: Win32.Spyware.Racoonstealer
Status: Malicious
First seen: 2021-09-14 06:51:06 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 2/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon discovery spyware stealer
Behaviour
Modifies system certificate store
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SHA256 hash: 02ca51cfdba274d2df1c3ee291a6018dec004cce0012d0bea0e4406d5a060499
MD5 hash: 8edd8e914c197432324a0af09f8edf64
SHA1 hash: d6ad05102b8f628d3a7fe5646166086b59019f2d
Detections: win_raccoon_auto
Parent samples:
091ee9a9dd7f5501d96e04c9d7cfda6bb6cf3cdcb308f2ef293c123f675d56a7
59beb29d06be48da8c6b6719d5840614cd4d55f1a4da75653ba41c2d2e407b55
80f0607db29814c032dd81fabf31e3c7e1134c5cf9fde17d639556381d5299d3
d5c5a22d496c874ed4da5e38cae2c72cc94bc9238e9385f05e7c0b11b87ff35a
f099d1a0b66cc96504494723d26bf5db6a92218a39ff036cbc05b067c0f0ff6a
b4b0d2468c23ab82e82ad967c641e703b623436f950b6a7be1c5ee7211deef15
19e1615b05d89f0268b47c11407aa8023a65d704dadba3660557d81dd3e507cb
f4e89acd2fe686f7b8006dec8326057703ce9ae4c2636a6119ae48ef4db1fdcb
75114eeae6429f297193678413f5523eea5e25474745d3c9f29f3a519143a3f3
9f60a157b1a91cc18125825a286baaf011e65b0808be4adda258c3180f0be3ac
67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9b276bdbc7eb788ab0c3
79353b4beb5c15fb26a1a4e35742da675a5adeff230f9a4d8f3577d47e263e97
7dab69ecef0dc000e97634c8bf2840242b9e75038f32c0eac5eb79772309e43c
78d2e3ffb53da033d7df217d5a67ea52dbac7928cb77d907307a1c77b4453cfe
f0c98f4c47a7f3890884cea6e1e84d19fd63eeed8b05ba9cb367707a0f28aeba
830de75be32c7b749962b6ba9b8f9bb50db8bb9145653fa9e38f33715732ded4
450e075bf8a574b403096f9ffb1cd87857ee543771ed744c63012e6613807b0e
47d10ac8920b58c08d0da346b4f1b8527977dc053a87185e052cbdc538f172f4
0c791330b6c9714529cf845649a17339f96df293f02bf550e6c4e007faf6a9e8
2e1b565f42f99e8d17cd485f47d9fc6018a809b168a860ece96441aecc709a0c
8c9a9047c056ec7ce9b5b5c9df7934bcb265e3854994ee98f437b3c821b20408
d690f8acb2be07e4c3c00c177e4541fe6152f82fa719b911a9ae41987e0325ea
3255394172556a89378c6a369e4d88fcd1992017cf1eeb7ee2794495758bf785
fe1990750afee81d40a30939cdbd0b3005f5817c23592e8670619fcfec895426
e838650dcbc88fd2e8ce7f9dcbdf9f1afba6a007e133c87e73597ad947695c89
e6f0ab95e920970099a345f11ea0637ece8c061b0a73c74ecaffc072c68a0766
884429c12ac459c21450fb85cd1c3a05cb83d4eeff21132ffd8e6fefd1df1e13
d4a432f1248930343a999a11dbcf5c7790f7c0d4856200aba7d20f956455fa2e
a56a640c907fb37b76e27091785c28b2b182967cf7c3c9f2a78d5e72fd754e99
990fc57523f695bbd5814b6b66bf0e3caecd7ccd66900c41faa2edb9ec3e3ea2
e021c2eeab7d9fa1bfafa82502b1d9b5e4bea406ee10193fa0d7d2e8ee535efd
2b2394b8ecbee2ffe037f5eb6912ce33e6a1800a7c2ab772d2136e55dcad5693
4536b4f09029d0abdc6d7b2fac07d6df06b6a7f3ba38e8f8de143ad3f24098a5
e43a9203ce9b7398946020198e343d697bb2dd9190fe9c36b209a3db35872d7b
0597fec78019b2f9914df4a6c7f5a54eb0129ffb527bf9e7a144246ff6130eba
bdf737ebe428090dc14434f31c606094dcc85e552bd361e48c16fc6b2a74329a
fb4ee55f6d4868657b33a834fa135aa874b26d98e84398b7b8b72da06064e070
0cfff6093535e3816840c50d4f1f4e17a3609a459527194c3cf4076bc4b529de
a10988cafea84ff676e2f8a3c24f9a4f6af043e30437a0673bbfed5034c764f2
c1545e4cff8b74630cf80b0631d197dacedbd3b65725153913c9ebc83e8b9420
19d47c7108f49e1e5c9e6437d3deef5274dde24eedafe76f1ab97aa5f0a223c1
ce7fb6b222f840a7af7d162d6726316e882d57fc1a46f35a53b90e030b0b208b
ec487dae69d41d508b3f771845781e7779174bc36bb393b9bcbe19ecf586d8fc
13d6a16d6626f7c0967e4dfb75112b136eb97a56f50e2239adcfa4f97dad8a1e
af90943b5aa1d71230b58094b949a95bf1dd776130e5740b4e9325cf17e94efb
487f7c670fd41c29794ecf4577efba0790553a1b4895f85a54ac42d2e1f546bd
2ee558d27a472efd85b46f58f827de607e5e631cb1212065837a52c2f19c8f33
c9d25421600d74720606bb7dcdf48c94885f69a0c0228344a3af8652fb74f00d
SHA256 hash: 75114eeae6429f297193678413f5523eea5e25474745d3c9f29f3a519143a3f3
MD5 hash: eb22078b4d2f887040af83ea9e7d1cf4
SHA1 hash: 11a8bdaa7c59c4bbb36a54bae512bfc0949a0dcf
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments