MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c21b1b5f71348d4cf42b5ea75b24ea009e86dfae75f8c65d0b62f069863e130. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA File information Comments

SHA256 hash:	7c21b1b5f71348d4cf42b5ea75b24ea009e86dfae75f8c65d0b62f069863e130
SHA3-384 hash:	9ea43fdbd9652af857e09e5a8ff4cc828783d68c2297fb11504cbb16b145fdbce2315680df6fae71f0c953c2f8cc123d
SHA1 hash:	93c0e7e3202409653682314086b7e66e609d7c97
MD5 hash:	8961a5db23529a8bfdc665d435327549
humanhash:	carolina-xray-coffee-ink
File name:	93c0e7e3202409653682314086b7e66e609d7c97.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	581'632 bytes
First seen:	2021-10-05 05:26:26 UTC
Last seen:	2021-10-05 06:01:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0c041fb9d9286e241f4f51f0ab8f3f03 (4 x RedLineStealer, 3 x RaccoonStealer, 1 x CryptBot)
ssdeep	12288:MiTwBBkVMAjqWc7c+AK8naJQ5OdnH4jaL6nxzxd6L:LaK9jTc7JAKEt5OdHNmdL6L
Threatray	3'451 similar samples on MalwareBazaar
TLSH	T17BC4F10932A2DFF6D27441F1AB2AC7F0092DBD584D2AB34B37A4771E3F3D291AA11215
File icon (PE):
dhash icon	4839b234e8c38890 (121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://194.180.174.80/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://194.180.174.80/	https://threatfox.abuse.ch/ioc/230436/

Intelligence

File Origin

# of uploads :

# of downloads :

115

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

93c0e7e3202409653682314086b7e66e609d7c97.exe

Verdict:

Malicious activity

Analysis date:

2021-10-05 05:30:51 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/f102eb4e-0a60-436e-a783-8c18195f4102

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/194833/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.37700812.13052.28951.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4f077dd8-2850-4526-8f61-5c44d6e95452

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/864424

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/7c21b1b5f71348d4cf42b5ea75b24ea009e86dfae75f8c65d0b62f069863e130/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-10-01 17:41:48 UTC

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pqq3dnpxcnenjt2cwxvhlmsouae6q3p245pyyzoqwyxqngdd4eya._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1

RaccoonStealer

354efc97e4a680e6b6fceb03d31ead926205efda8d5e0f28abe1c3381aa1991a

RaccoonStealer

586e63037f6297075b488aad3e8b3c2760a1c63852cea2286f89b6ee2617f0c6

RaccoonStealer

63d9d211e1fae3e169ecd91e81e7ce5f10c43c35a2194340cbd85341dc323c4f

RaccoonStealer

678f03e1574817fdf555ebe8701534034315d008addfb0dd7aac8fd35d17e855

RaccoonStealer

7cd0e04ae6cb26444707130e0d56860e56345c9a2153078621eb7bd511ed1f29

RaccoonStealer

7fc5854433b6ba7716cd9d6b4923869d716fa6580fae0b0c839e698966982b37

RaccoonStealer

a60659139ff3a9e6a4a482e060e301c83a25a02227308f6f572d79cc95c63dce

RaccoonStealer

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

RaccoonStealer

+ 3'441 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:46dd113e5d6fd3116a6bc7175cc5276a076b8123 stealer

Link:

https://tria.ge/reports/211005-f5gwhahedj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

ed02370422f01d7251c7d5c25c7e453ea5f8aebba6f6ebc6b26fd06c9e798251

MD5 hash:

8892cae78672a77a8835689d22fe882b

SHA1 hash:

e20e7703ce689397a8a5251a3f7a9c637ff69775

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/4ed12eff-77ec-4907-b07e-1f76dbc3fcc1/

SH256 hash:

7c21b1b5f71348d4cf42b5ea75b24ea009e86dfae75f8c65d0b62f069863e130

MD5 hash:

8961a5db23529a8bfdc665d435327549

SHA1 hash:

93c0e7e3202409653682314086b7e66e609d7c97

Link:

https://www.unpac.me/results/4ed12eff-77ec-4907-b07e-1f76dbc3fcc1/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/7c21b1b5f713/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7c21b1b5f71348d4cf42b5ea75b24ea009e86dfae75f8c65d0b62f069863e130

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/194833/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample