MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 15


Intelligence 15 IOCs 1 YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5
SHA3-384 hash: 8f8f041695b876293797bd92ad750465c422b6b07e159eef554118caa96737def6a1f0b291ba1db94a829b9803267f66
SHA1 hash: c6b7cba35c43c5838dff7dd6012f9468f8404a8f
MD5 hash: 438b5b1d65028f384eb45e7fee1cc275
humanhash: fix-artist-dakota-missouri
File name:438b5b1d65028f384eb45e7fee1cc275
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:526'336 bytes
First seen:2021-09-17 09:31:37 UTC
Last seen:2021-09-17 10:56:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 22bb38bf1203a5ace32b34a360eaaf29 (1 x Smoke Loader, 1 x RaccoonStealer)
ssdeep 12288:0xeegSs7lQ9fex6ZRHEt1ZvljAnHgtXKlF8utS+Zr0JB5now2:0xEjlQ9fPHEt1Z5A/lKsSc0W
Threatray 3'057 similar samples on MalwareBazaar
TLSH T19AB4E034A7A1C035E4A712F959BAD3B8B9397AB05F3440CF92D02ADA56346F4EC31397
dhash icon 5012b2e068696c46 (2 x RaccoonStealer, 1 x CryptBot, 1 x DanaBot)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://179.43.175.24/ https://threatfox.abuse.ch/ioc/222954/

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
438b5b1d65028f384eb45e7fee1cc275
Verdict:
Malicious activity
Analysis date:
2021-09-17 10:41:18 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/7ad5b780-fa43-43a0-8ab4-96aefdf8b455

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/188601/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.3146.2850.6965.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6175298c9a5a1e91c5d2076b/reports/1d992a6c-aec1-4a48-b421-5db754c05297/overview
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f00e6ee1-1939-4937-98f6-6d2cf9bcb691
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/852702
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-09-16 14:38:14 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2pg7lb7ppqmoj4l6mxmqs3oszuq4bwe5uwe2bw7d54q7slrmxsq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
447ef561d540f7b87bc2c4d822994b35758e8e2fb6e5a37d92b5ed11be769ea6
RaccoonStealer
4a6434d66a30ccd95a6c269ba54133d0cade8eb565cd7fd6582abeff8a02a3fc
RaccoonStealer
67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9b276bdbc7eb788ab0c3
RaccoonStealer
79353b4beb5c15fb26a1a4e35742da675a5adeff230f9a4d8f3577d47e263e97
RaccoonStealer
7dab69ecef0dc000e97634c8bf2840242b9e75038f32c0eac5eb79772309e43c
RaccoonStealer
93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411
RaccoonStealer
9f60a157b1a91cc18125825a286baaf011e65b0808be4adda258c3180f0be3ac
RaccoonStealer
b4b0d2468c23ab82e82ad967c641e703b623436f950b6a7be1c5ee7211deef15
RaccoonStealer
f0c98f4c47a7f3890884cea6e1e84d19fd63eeed8b05ba9cb367707a0f28aeba
RaccoonStealer
f4e89acd2fe686f7b8006dec8326057703ce9ae4c2636a6119ae48ef4db1fdcb
RaccoonStealer
+ 3'047 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/210917-lhnnesfbd6/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of WriteProcessMemory
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
ef64e1741393a9d15cc29ac82680fd2020844b8a7a85371b1a13f7e2ea13b756
MD5 hash:
3cb0b20e7187bbdcc4ff70a662a2b801
SHA1 hash:
23fed5a38ce0a855152420d5446ca66647ab70bc
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/1efa75f5-30ee-4d16-a5fd-ba4d1f642f3c/
SH256 hash:
769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5
MD5 hash:
438b5b1d65028f384eb45e7fee1cc275
SHA1 hash:
c6b7cba35c43c5838dff7dd6012f9468f8404a8f
Link:
https://www.unpac.me/results/1efa75f5-30ee-4d16-a5fd-ba4d1f642f3c/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/769e6fac3f7b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 769e6fac3f7be0c7278bf32ec84b6e96690e06c4ed2c4d06df1f790fc97165e5

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1627244/
Cape
Cape
https://www.capesandbox.com/analysis/188601/

Comments


Avatar
zbet commented on 2021-09-17 09:31:38 UTC

url : hxxp://diezmodepalabras.com/a.exe