MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a94321897190488c591891b0030d5eb55a567ed6f67dd0f07e281f0d2bd4414. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 5



SHA256 hash: 7a94321897190488c591891b0030d5eb55a567ed6f67dd0f07e281f0d2bd4414
SHA3-384 hash: 9bccd5884fd10c71ac79c6d78d2ab2067a7cd44c7e018dc58bfeb545b3118ff52f443b1188d2b62b01f40dd9abe754bb
SHA1 hash: 9124de73a1879013642fa2a04f50967fbf63b2d1
MD5 hash: 432f1f6aa34f3dc76dfc4ce4309f545c
humanhash: single-six-nuts-papa
File name: 432f1f6aa34f3dc76dfc4ce4309f545c.exe
Signature: RaccoonStealer
File size: 800'256 bytes
First seen: 2020-06-29 17:57:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00a124700426f28683ce40252cc5f344 (2 x RaccoonStealer)
ssdeep: 12288:OA793uS/fzkmOm6b/ndbklZRzjEEAL92E+C2JYaim:9JusPSdbklzwjL4Euim
TLSH: A70512217E93D036C8AA5631F864CAB05A3B7C72C665C1833364DF7A6DB0AE14B63365
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://35.223.217.188/gate/log.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Racealer
Status: Malicious
First seen: 2020-06-29 17:59:04 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: raccoon
Score: 10/10
Tags: ransomware stealer family:raccoon evasion spyware trojan discovery
Behaviour
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Checks processor information in registry
Legitimate hosting services abused for malware hosting/C2
Modifies system certificate store
Checks for installed software on the system
Reads user/profile data of local email clients
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Raccoon
Raccoon log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 7a94321897190488c591891b0030d5eb55a567ed6f67dd0f07e281f0d2bd4414 (this sample)

Delivery method: Distributed via web download
