MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 780800ce1dda8fa5c581655d500e9ff67384d3d64d27f98c63dcefd57c2b2f88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 6



SHA256 hash: 780800ce1dda8fa5c581655d500e9ff67384d3d64d27f98c63dcefd57c2b2f88
SHA3-384 hash: 925f010af700f9032fc10c59a69b0503ffe7a5f8741ec47424558f7ee279acbd4801f492b3bf23def26d810fc1945d0f
SHA1 hash: aebd79ea1d051fd7693fe22a23dee1da427769cc
MD5 hash: 56eb26463e2b47fb14b79fce90729429
humanhash: georgia-football-victor-lake
File name: MetaMansion.zip
Signature: RaccoonStealer
File size: 9'147'382 bytes
First seen: 2022-10-15 06:44:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 196608:XOC9sSVmSh9q/aVdHaFsDbMEs6fAqehWrBq3cw803Gp00B:+qJD4/0d6xEmRWrBDw803Gl
TLSH T12B96330714A61FE1DC6C123D82EB0B5636AEBB469622E74F5360E2AF2EF33B5DD11441
TrID: 58.3% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
      33.3% (.ZIP) ZIP compressed archive (4000/1)
      8.3% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: iamdeadlyz
Tags: exe FakeMetaMansion file-pumped filifilm-com-br RaccoonStealer Smoke Loader zip


Iamdeadlyz
From metamansion.game (impersonation of metamansionsbykeys.com)
Smoke Loader C&C: filifilm.com.br | 108.179.193.18:443
Raccoon Stealer: http://45.153.241.28/ | 45.153.241.28:80

Intelligence


File Origin
# of uploads: 1
# of downloads: 365
Origin country: n/a
File Archive Information

This file archive contains 69 file(s), sorted by their relevance:

File name: MetaMansionSetup.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 700'545'992 bytes
SHA256 hash: 67d3921c2f43568804c9d02dfc8cf36470c66b4751179549d487d663daf35d5f
MD5 hash: 52172aa6b69b63f2d1ad54aa7f6361f5
De-pumped file size: 1'818'613'149 bytes (vs. original size of 700'545'992 bytes)
De-pumped SHA256 hash: 3a262a508ab264b9207b08fcc9075d4cd7aa2d7374207577e734772dedfb08cd
De-pumped MD5 hash: 47a829b7aadda0e0ac7058a2c0cd97b3
MIME type: application/x-dosexec
Signature: RaccoonStealer
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Downloader.Wagex
Status: Malicious
First seen: 2022-10-15 06:48:23 UTC
File Type: Binary (Archive)
Extracted files: 128
AV detection: 5 of 41 (12.20%)
Threat level: 3/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:eb2dd82ae072303c5a1ea819b41e9856 discovery persistence spyware stealer
Malware Config
C2 Extraction: http://45.153.241.28/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.


  
Dropping: SHA256 67d3921c2f43568804c9d02dfc8cf36470c66b4751179549d487d663daf35d5f
Dropping: SHA256 b832c3e5a745a2f05793fafeda25c9bbe15fdb357bdd0e8b6ef0ef45d402d24f
Delivery method: Distributed via web download
