MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e4edc8ffe28e350521029d003b74b2d77e74d4423c4ceb14fb4860341c8b95f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: 7e4edc8ffe28e350521029d003b74b2d77e74d4423c4ceb14fb4860341c8b95f
SHA3-384 hash: d1d128ef03482ca498cb13f3bc83c364b6608f017f45e52bbb63935f11870ab72d7f5c5a6727fb17e891b7cdfe8c0731
SHA1 hash: 5396942eead1be7510ca4689c6c70111ab8ca7eb
MD5 hash: 0da5863efb6a991be6b2751f67dd481f
humanhash: apart-jersey-alabama-bakerloo
File name: 0da5863efb6a991be6b2751f67dd481f.exe
Signature: RaccoonStealer
File size: 602'624 bytes
First seen: 2020-06-30 12:07:39 UTC
Last seen: 2020-06-30 13:11:20 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2302c7d2bec8288d05bcff6e73d703af (2 x RaccoonStealer, 1 x RedLineStealer)
ssdeep: 12288:XxdkGoGon+TuZzNd8fXIqSZ5ffLKXgsPqdxKX:rkv/GXIlLKXnPqd4X
TLSH: 5ED4016333B1E076EC662530A625EAB11EFE6C71252410C377553B3EEE323D07A79299
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-30 12:09:04 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: raccoon
Score: 10/10
Tags: ransomware evasion spyware trojan infostealer family:redline discovery stealer family:raccoon
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Checks processor information in registry
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Modifies system certificate store
Checks for installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
Raccoon log file
RedLine
Raccoon
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: RaccoonStealer, Executable exe 7e4edc8ffe28e350521029d003b74b2d77e74d4423c4ceb14fb4860341c8b95f (this sample)

Delivery method: Distributed via web download