MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA 4 File information Comments

SHA256 hash:	75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d
SHA3-384 hash:	fc1055aa9866ce72d1223f79f7dc17b4aa3c4c287b4859fc3d3ee8c4cc34229ee053be2b4eb9ca650275d58da84914b6
SHA1 hash:	7340c4a2b066c1c20dec81fe716f51e18432cf07
MD5 hash:	a2dd1684f25dac294996555df990570b
humanhash:	mobile-carpet-georgia-magazine
File name:	a2dd1684f25dac294996555df990570b.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	591'872 bytes
First seen:	2021-08-18 12:11:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c4bbba65aaf569dae0a87d41cd5cbbf2 (4 x Smoke Loader, 4 x RaccoonStealer, 1 x ArkeiStealer)
ssdeep	12288:hr68HmgThdWIZmXf6Pbe/fz7qGcDAOxLdUFzYTTfueNLP7aJwy+Z:1GgThdnZmy47qGcLSUuqeJwy+Z
Threatray	2'282 similar samples on MalwareBazaar
TLSH	T1FCC4E030BA90C034F5B602F845B693BDAA2D3A60577461CFA3E55AEE4A746F4BD30347
dhash icon	60e8e8e8aa66a499 (24 x RaccoonStealer, 14 x RedLineStealer, 7 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://185.53.46.33/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://185.53.46.33/	https://threatfox.abuse.ch/ioc/192020/

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

a2dd1684f25dac294996555df990570b.exe

Verdict:

Malicious activity

Analysis date:

2021-08-18 12:12:10 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/b9e4675b-729d-4013-924a-d5a869693c98

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/180308/

Detection(s):

Win.Dropper.Raccoon-9885550-0

Win.Malware.Generic-9886641-0

Win.Malware.Crypterx-9886699-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/32c49b39-19a7-4a85-9857-174538a05cdf

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/835043

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d/

Threat name:

Win32.Trojan.Sabsik

Status:

Malicious

First seen:

2021-08-13 19:08:54 UTC

AV detection:

16 of 28 (57.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ox24vx6pqozoixtmwj6pqesrmwajhvechvjq45ti35gsawtlbgoq._file

Verdict:

malicious

RaccoonStealer

776124547155ae68a2dac2b106f6aa8d39b2e71a3b11ca6241a7e305fa03605a

RaccoonStealer

a7a2d5e0d31d31e452252c14023420621e92967814dc6410f783c5f101c3de1b

RaccoonStealer

e168662d0e8575572bfa981af0509029853c5d5fdee0c8dd0d5b9b74813400bb

RaccoonStealer

f24a559e79ba3121c7e0fed4ac995da056fe6a0dac71b2360f9e340b97117d05

RaccoonStealer

+ 2'272 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:619c26986c79d067eda0bf8e57955aebe9af0fa7 stealer

Link:

https://tria.ge/reports/210818-l1xhrk5532/

Behaviour

Modifies system certificate store

Raccoon

Raccoon Stealer Payload

Unpacked files

SH256 hash:

15be7e0d3ae5014becf4fb571fb76195a352298a2e177dacd9c524684e6e8f25

MD5 hash:

e2b80d81f1664b38f7bd2c7975ca5da9

SHA1 hash:

f436dc2daec55dc708e653046b4b43dda6052b74

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/72d5e118-9897-42b0-87ac-b0f79472f070/

Parent samples :

11cad69f49f4e4cbcb1ca23081305be04fc1d681b3f8a4fcd05a5f58185c0557
c96ee7299b781baa07c317696eb71b343327782df1f643a2140942475176a307
40887b7f1c14e361aa558577b6ff11201f04090fdcec0c28ae76dd11f40ecc27
d64ef977f987acea932618522d714ecf52e3750e791f1b4fd89d59c3dd0f0b50
1e7656ce683bd3fa2d71bf548f93992b268ec2c15f569e8015f3006574885e50
75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d

SH256 hash:

75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d

MD5 hash:

a2dd1684f25dac294996555df990570b

SHA1 hash:

7340c4a2b066c1c20dec81fe716f51e18432cf07

Link:

https://www.unpac.me/results/72d5e118-9897-42b0-87ac-b0f79472f070/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/180308/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample