MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dd1c908d34a6170526100d59e3f9bdba5b40bff6655cfac2165e9a600b74052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: 7dd1c908d34a6170526100d59e3f9bdba5b40bff6655cfac2165e9a600b74052
SHA3-384 hash: 5f72e9ec961f014f557ee371c1b72621967310e5a8d0fd33128ca82578f8340847f0d9dffa93eb96df9780f9df7e1dc2
SHA1 hash: 41b352fe9d82c8cc9a1c1aa182c1493963ee52a2
MD5 hash: f42547787dce72e8461bddbd19999cb1
humanhash: uncle-april-quebec-pennsylvania
File name: f42547787dce72e8461bddbd19999cb1
Signature: RaccoonStealer
File size: 506'368 bytes
First seen: 2021-07-17 17:29:12 UTC
Last seen: 2021-07-17 20:32:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4c2cb70eaa36e2f27e3da0ec1f2cb347 (7 x RaccoonStealer, 2 x Amadey, 2 x Smoke Loader)
ssdeep: 12288:uu96S3wk4/nSRxEqy9/v9CLqoV61NhSuBJ:uBPkgnSRCqbMhSuBJ
Threatray: 1'552 similar samples on MalwareBazaar
TLSH: T16AB4011171B0E533D0FA0AB16834C6A12533BD216679B94BB79B3E1B3E322D0B176397
Reporter: zbetcheckin
Tags: 32 exe RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 135
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: f42547787dce72e8461bddbd19999cb1
Verdict: Malicious activity
Analysis date: 2021-07-17 17:33:08 UTC
Tags: trojan stealer raccoon loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Threat name: Win32.Trojan.Azorult
Status: Malicious
First seen: 2021-07-17 17:30:03 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon discovery spyware stealer
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of WriteProcessMemory
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SHA256 hash: 25ab3d0494d3be9c1971eead58bda99a275b27e67cb3c11db2433926c01ad528
MD5 hash: 8fa3fabe1d7cadc97d1eb00b4dfd21d3
SHA1 hash: 2b3d6d03435710dda190ade0262f97fb0bef840a
Detections: win_raccoon_auto

Parent samples:
SHA256 hash: 7dd1c908d34a6170526100d59e3f9bdba5b40bff6655cfac2165e9a600b74052
MD5 hash: f42547787dce72e8461bddbd19999cb1
SHA1 hash: 41b352fe9d82c8cc9a1c1aa182c1493963ee52a2
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_SUSPICIOUS_Binary_References_Browsers
Author: ditekSHen
Description: Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers.

Rule name: MALWARE_Win_Raccoon
Author: ditekSHen
Description: Detects Raccoon/Racealer infostealer.

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.raccoon.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RaccoonStealer
Executable exe 7dd1c908d34a6170526100d59e3f9bdba5b40bff6655cfac2165e9a600b74052 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-07-17 17:29:13 UTC

url : hxxp://poloainstall.com/download/pl_installer.exe