MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80bbc85f7e35c961ddc8284d380e53c07a0bd594bc8bf865d1d536a81f5361c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

Intelligence 13 IOCs 1 YARA File information Comments

SHA256 hash:	80bbc85f7e35c961ddc8284d380e53c07a0bd594bc8bf865d1d536a81f5361c0
SHA3-384 hash:	3e301a260950c2390ce17074395f1443f989c76d62fbcbf243bd1bf7dcfcaaa143332082c38be698f104104956df885d
SHA1 hash:	4f1655b90e588c9c5821c3061607c633ce9da544
MD5 hash:	25352832326051f359a4e86b7e448135
humanhash:	freddie-stream-nevada-lemon
File name:	80BBC85F7E35C961DDC8284D380E53C07A0BD594BC8BF.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	474'624 bytes
First seen:	2021-09-02 18:16:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0e491bfc86cb6900f60348f198b356ef (6 x Tofsee, 2 x RedLineStealer, 2 x CoinMiner)
ssdeep	6144:BoaHN8mosrtpDeSZL0mUDYYIVz05GYBl9Yn/YfmdnaxVAbXCg6GpnDZ2m+MWB:uaHN8B4pampY+YBlSPbXZF2ZMY
Threatray	2'768 similar samples on MalwareBazaar
TLSH	T192A4F11231E2E072C58612F64469CB750EBB343801355ADF3FEA49BDAF687A2D72634D
dhash icon	48b471e8d8c9d9f9 (1 x RaccoonStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://5.181.156.221/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://5.181.156.221/	https://threatfox.abuse.ch/ioc/213378/

Intelligence

File Origin

# of uploads :

# of downloads :

132

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

80BBC85F7E35C961DDC8284D380E53C07A0BD594BC8BF.exe

Verdict:

Malicious activity

Analysis date:

2021-09-02 18:20:30 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/b9a05f90-5b37-4cb0-a40f-d5dda49377d8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/184884/

Detection(s):

Win.Packed.Generickdz-9785960-0

Win.Dropper.Tofsee-9786152-0

Win.Malware.Tofsee-9789675-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Launching the default Windows debugger (dwwin.exe)

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a24b7493-3717-40a3-9010-f721ab011510

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/844255

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/80bbc85f7e35c961ddc8284d380e53c07a0bd594bc8bf865d1d536a81f5361c0/

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2020-10-30 16:42:00 UTC

AV detection:

25 of 27 (92.59%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qc54qx36gxewdxoifbgtqdstyb5axvmuxsf7qzor2u3kqh2tmhaa._file

Verdict:

malicious

RaccoonStealer

49ebef70fa634005cfe5fa3be7b8e2167c64328ebaf3f41e10121b7b1368cd6d

RaccoonStealer

4b880328263a8d3318d26b36eaeeda4a2a87962b9b84637a5878a11d5a9df304

RaccoonStealer

501ebf8f394a5c9ce011f60d06fd27e948e40df690c1542903220f5800f19a2c

RaccoonStealer

6cabd0dd9752b745ec4364e3c47bf33510e6e4e2ebd95e5cd15b09d99883d4b5

RaccoonStealer

854d167ff218c5caa012baaa7bb80a2bfdd1ec9c4c6b3a66bef57240ade29422

RaccoonStealer

d5a8828b20a29d77f13eb518dc035d457a37c6c56b3e0cd4fe4bc83c04e0572c

RaccoonStealer

de79f76f370c9eaa2f7fc5b169f414860d283607fdc4ea9b3980b31cf211da03

RaccoonStealer

e964b2343b3f9b9f2fe25d4af384ceceeea24e5402622c449487019a9eab21ac

RaccoonStealer

+ 2'758 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:ddf54473bd6caa74392d1392222628666cb5758a stealer

Link:

https://tria.ge/reports/210902-wwgr5sbcc2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Raccoon

Raccoon Stealer Payload

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

3becdc74120dd7db722fd27790bfea2afb16694258b6acc0b11fbad10bbd5285

MD5 hash:

610041794594c54ae3ea75e55eb8a056

SHA1 hash:

55fcf3abad51ba9acfd9e76ff93b7d3afe41d19c

Detections:

win_raccoon_a0

win_raccoon_auto

Link:

https://www.unpac.me/results/5a86fbc0-9077-45d0-a408-65d8d787a846/

SH256 hash:

80bbc85f7e35c961ddc8284d380e53c07a0bd594bc8bf865d1d536a81f5361c0

MD5 hash:

25352832326051f359a4e86b7e448135

SHA1 hash:

4f1655b90e588c9c5821c3061607c633ce9da544

Link:

https://www.unpac.me/results/5a86fbc0-9077-45d0-a408-65d8d787a846/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/80bbc85f7e35c961ddc8284d380e53c07a0bd594bc8bf865d1d536a81f5361c0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/184884/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample