MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 8

Intelligence 8 IOCs 1 YARA File information Comments

SHA256 hash:	75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009
SHA3-384 hash:	9e02a8ab74741bf51b5f3ad5a7402605eaca1b7766ada2a4ceb73150027f52dfe266b045e5ff00e131abb3e101d38206
SHA1 hash:	097199018863296be5c49cc14418014ad70842d5
MD5 hash:	29b42c1815d533711f11ece6e07db9db
humanhash:	saturn-helium-bakerloo-football
File name:	29b42c1815d533711f11ece6e07db9db.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	4'763'448 bytes
First seen:	2021-09-28 06:38:13 UTC
Last seen:	2021-09-28 10:16:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5b9290431b366a1252cf05522cb28180 (8 x RaccoonStealer)
ssdeep	98304:g0Ou/sfXLkcdl9fbgQsKN/0kyE7PUuytBLdb7eNRLioPK:g80ocd8Q9N/TywjSdbOk
Threatray	67 similar samples on MalwareBazaar
TLSH	T1A0261263B6008956D0E58839CA177FD873F129268E81563B77EDB6CF2F326D0C612A53
File icon (PE):
dhash icon	ccb2b28e8e9696cc (2 x njrat, 1 x RaccoonStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://185.138.164.150/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://185.138.164.150/	https://threatfox.abuse.ch/ioc/227268/

Intelligence

File Origin

# of uploads :

2

# of downloads :

117

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

29b42c1815d533711f11ece6e07db9db.exe

Verdict:

Malicious activity

Analysis date:

2021-09-28 06:39:22 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/75c4608e-916b-4e6f-9e82-57f9c16b262d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/192405/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.47057596.19124.11118.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0b867406-46da-4681-9a38-52971ba7b3e2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-09-27 18:27:00 UTC

AV detection:

17 of 45 (37.78%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ow4xvky3mak3gceoa3fyaiy5vhvgnblicpachaaop32tb7wjyaeq._file

Verdict:

malicious

Similar samples:

2aaad8177d08507b09dc3d419b4d31f65db6fe6bc6314ffce650b9fc57f0817c

2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9

3c2fa1d04daaea31991c29bb4118c3d146a50815a033ea5ae325c3171ebdf713

3cee28ef52c59c99b841c6927f5085e483523cb8b606ff9ce5d60b3c13574545

54fca1375e62c5978b78593ea50a5ac198da69c3e033c94371cbb81dc5a9d5be

70c64a3f46820c47b44e30d3925165340735c7ce62ad124268820335ecc808be

a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4

ae74fa3656db93c35b26ed229568607bb9c20684818ad072b95aefb585c63a08

b9f5bca9a22f08aad48674bc42e4eaf72ab8aa3d652ba7a10dc4686b5b183a33

fb8a2b78f0d3139d8192dbeb925e8e8d13bf370540f2c7853107a8e4b3beac38

+ 57 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:c1728bc068ff13c9172ac566c717a997b9a7b1dc discovery spyware stealer

Link:

https://tria.ge/reports/210928-hemp6sahc5/

Behaviour

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks installed software on the system

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Downloads MZ/PE file

Raccoon

Unpacked files

SH256 hash:

3c90db3d343e1bd6fdb6cd4eb385123c125e3b7b49e52c224ccfbffb4e9f5523

MD5 hash:

51db8b9999a26355f822cca9fc832f6c

SHA1 hash:

8195ec2b1754965cc59e500fefbc0232edabf2f7

Link:

https://www.unpac.me/results/0574c4f9-800e-46e3-b334-92f44f7af441/

SH256 hash:

75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009

MD5 hash:

29b42c1815d533711f11ece6e07db9db

SHA1 hash:

097199018863296be5c49cc14418014ad70842d5

Link:

https://www.unpac.me/results/0574c4f9-800e-46e3-b334-92f44f7af441/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/75b97aab1b60/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 75b97aab1b6015b3088e06cb80231da9ea66856813c023800e7ef530fec9c009

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1646330/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/192405/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample