MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75bc5234ba652f847e14755352f4b39c26ffcfb5cec2b48d34e066b0581772dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 5 File information Comments

SHA256 hash:	75bc5234ba652f847e14755352f4b39c26ffcfb5cec2b48d34e066b0581772dd
SHA3-384 hash:	cd2d9cf3d560b350515ba4190739d24e2d46fee31e7a216741a4e78c58634916ef4a21dd647a5220b39abb4c7f444fde
SHA1 hash:	f6a7d37e19af98c61f8fbcecea8b1089478f7641
MD5 hash:	aa96f47dbf601f3bcb87a44c1a3e222a
humanhash:	tennessee-sierra-music-twelve
File name:	aa96f47dbf601f3bcb87a44c1a3e222a.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	587'776 bytes
First seen:	2021-05-26 16:57:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	48d2401545bc23ddf9125d8d09f6c7f1 (4 x RaccoonStealer, 1 x Glupteba, 1 x CryptBot)
ssdeep	12288:AG5geDr04R381cnezG/fvUZG/ocmBabXaJFUFi5F6JBcbkXsL:8e53PezynUZG/TQaTZoF6JUkXsL
Threatray	1'107 similar samples on MalwareBazaar
TLSH	22C4C0B06EA1D034E4FF15B089B682B865267DA1AB3040FF22D3BAEE55345E49D3075F
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://45.67.231.109/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://45.67.231.109/	https://threatfox.abuse.ch/ioc/64474/

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

aa96f47dbf601f3bcb87a44c1a3e222a.exe

Verdict:

Malicious activity

Analysis date:

2021-05-26 22:26:22 UTC

Tags:

trojan stealer raccoon loader

Link:

https://app.any.run/tasks/173daf3c-95ba-4c03-8886-2039683783c6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/162479/

Detection(s):

Win.Malware.Generic-9864238-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Connection attempt to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/75bc5234ba652f847e14755352f4b39c26ffcfb5cec2b48d34e066b0581772dd/

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2021-05-24 10:23:03 UTC

AV detection:

19 of 47 (40.43%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ow6fenf2muxyi7quovjvf5fttqtp7t5vz3bljdju4btlawaxoloq._file

Verdict:

malicious

RaccoonStealer

39a27d15f3d6175331a974825a440d7475187bae0c133a48a1a5155b49a82537

RaccoonStealer

50bae6a5c3c8f45399a78f1a6b3e27b3dc88fc9e2b172ef9c80ebfd85d856d94

RaccoonStealer

63f7c2def826b631ced507f85a38f51aed894d3c4959fc04c26293247325208e

RaccoonStealer

82e9e16b5b07418082d99003446ec83e0157e8c4c507ef1d0fb79dc08efee10a

RaccoonStealer

8896dd2a44120202a979a9c6caa747861d0a5bb77d46ca475384c000e7f0bd57

RaccoonStealer

b2f42e0c46898da53cb52d2d1a7f7ea2a090b08491c8b89a4e155cf77b6ab9ed

RaccoonStealer

befa57a02c2092b79fbb34b7d9cb458cef12ecdfe10f030363ae9d1a13a943a0

RaccoonStealer

c32f64cff507a0d5775b26e570f1ac2dd07b24365d0ae38f42e5c954a5359756

RaccoonStealer

f8bf48e34c4002e07e7c57dc4eee52abe141b8a9cfb693325229f56cca507d40

RaccoonStealer

+ 1'097 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:647655b6a765b5ff18d6008641ae5f7ecffe52ca stealer

Link:

https://tria.ge/reports/210526-n635xx2r72/

Behaviour

Raccoon

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/75bc5234ba652f847e14755352f4b39c26ffcfb5cec2b48d34e066b0581772dd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/162479/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample