MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7df05092cab55d473494acdae72db1bcb7c71b673ad00de2a7b46332e8f12cb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: 7df05092cab55d473494acdae72db1bcb7c71b673ad00de2a7b46332e8f12cb6
SHA3-384 hash: bf944c19be120e5aaa6fd1db216c175a217eba3495ea76a02865720b017c6f86fbb37d53eb29a250a199c8c6d2a7b7e7
SHA1 hash: 6e48906e58cb2c0b19dfc1c70f7b2e22c5bf24c9
MD5 hash: a8a36bfbc06c15890ea3c162bb369313
humanhash: colorado-bakerloo-arkansas-september
File name: Setup 2.exe
Signature: RaccoonStealer
File size: 6'978'560 bytes
First seen: 2022-12-11 09:02:49 UTC
Last seen: 2022-12-11 10:31:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b5af53b96a03972def1a5f287c0c1d5c (23 x RecordBreaker, 8 x RaccoonStealer)
ssdeep: 196608:P6crT2kPp+sFjv0aqYFZNrEQxEDlSlQ9K:P6mTZPpRjv0aqYFZNrpxEDw
Threatray: 245 similar samples on MalwareBazaar
TLSH: T14D6623371F0802D4F489D874A0373D52E2F3E22BDBD0A439E6EED1D615B27A1A52BC56
TrID: 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
      12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
      5.9% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE): PE icon
dhash icon: ccd6b2b871a39b93 (1 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 194
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating synchronization primitives
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Raccoon Stealer v2
Detection: malicious
Classification: troj.evad
Score: 96 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Raccoon Stealer v2
Threat name: Win32.Trojan.Raccoon
Status: Malicious
First seen: 2022-10-02 00:45:12 UTC
File Type: PE (Exe)
Extracted files: 18
AV detection: 21 of 26 (80.77%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:0dcbeb99ec1adc5c2b2b94dc1e3fd2c4 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Raccoon
Malware Config
C2 Extraction: http://94.131.107.132/
Verdict: Informative
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 53a7d8fc620e82928e88ec5d24042f6c6850709809461df1816ab59162f3b9ec
MD5 hash: 27af37bf3783218f0c55af235a033d65
SHA1 hash: 9d834e1ecb0a9e41cab1f9aeb3cccf41e83362b6
Detections: raccoonstealer
SHA256 hash: 7df05092cab55d473494acdae72db1bcb7c71b673ad00de2a7b46332e8f12cb6
MD5 hash: a8a36bfbc06c15890ea3c162bb369313
SHA1 hash: 6e48906e58cb2c0b19dfc1c70f7b2e22c5bf24c9
Malware family: RecordBreaker
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments