MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 12


Intelligence 12 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7
SHA3-384 hash: 8b985603cbd94eddc949f27dcbc0743367d8802052457a2d59755c85d861d2ee6c1747944e0c78fe91a62eb73db9754e
SHA1 hash: 1fc82db9f4e7507c3aa48422a8b52feee480cca7
MD5 hash: 8f508f6039de9e9541bae5fbc0c37671
humanhash: bulldog-solar-east-mockingbird
File name:8f508f6039de9e9541bae5fbc0c37671.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:483'840 bytes
First seen:2021-11-11 16:21:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2d715bbee85dde3a5a477ecadeec8734 (1 x DanaBot, 1 x RaccoonStealer)
ssdeep 12288:/20GnXp8YnxnIMCM4Gsf/EQn9TRyye8GoLWiVpl4Kunnb:epvnJW/EQ9TqXAAb
Threatray 4'130 similar samples on MalwareBazaar
TLSH T1DDA4F1307BAD8436E69B1D385934C6A14A3BBC325570404BE7646B1E3A31FEC89F572E
File icon (PE):PE icon
dhash icon fcfcb4d4d4d4d8c0 (70 x RedLineStealer, 59 x RaccoonStealer, 24 x Smoke Loader)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/205018/
Detection(s):
Win.Malware.Fragtor-9907126-0
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/618d42f0dec3347825a21c3b/reports/a5b312ca-4255-4584-8aa1-1854a8259f8a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/719cab0f-5f90-472d-a4a5-b916caf16c32
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/887578
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2021-11-11 04:02:27 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pqij77igpgy5wvry4d2id7ifzvmojqrqwt2wkuvoj5l2y44xvhdq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
16361779af23f2bf8e9061bbf7ab4b702bbec1ceafec1eb4e97dc23a7373ac31
RaccoonStealer
28f5fb04e33ee8f3257b1a2c6f4ade3f281b0d474eea4bdde2abe622a1b11994
RaccoonStealer
57127e39e8381f5008ef721023300501ff39b9018907a46a34b7e40d317d8f85
RaccoonStealer
d09f1f4d1e5cf1ea2c2ffcf037bb2af20315e592f5c7f6d8692c1b60c2713927
RaccoonStealer
e26fe6535f9ec57538d49515fdf98b1a925fa26dd28040a96a5bc1c94a691975
RaccoonStealer
fe3d7939166e8e6ae965d66d98f6ee5583e535b575ba194aef038c6c1ea15ae4
RaccoonStealer
+ 4'120 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:4557a7b982bafcd677193713fa5041fa32e7e61e stealer
Link:
https://tria.ge/reports/211111-ttm52abeh6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
f26cd45865beb6e730757e8d951d4f47d5cf09f21007c07aef855ea331bb1bbd
MD5 hash:
64dc31b187d5092e12dde6fc0b924ee0
SHA1 hash:
0c535398b24b113cb8db275c5a3ba1a797474267
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/c66b2d4d-a7e4-4819-8017-7cd34208677e/
SH256 hash:
7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7
MD5 hash:
8f508f6039de9e9541bae5fbc0c37671
SHA1 hash:
1fc82db9f4e7507c3aa48422a8b52feee480cca7
Link:
https://www.unpac.me/results/c66b2d4d-a7e4-4819-8017-7cd34208677e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 7c109ffd0679b1db5638e0f481fd05cd58e4c230b4f56552ae4f57ac7397a9c7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1738451/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/205018/

Comments