MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82d290c62cb838a94e1948ba84c2a90c42c0ad44bb79413ea0b8ae2560436c8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	82d290c62cb838a94e1948ba84c2a90c42c0ad44bb79413ea0b8ae2560436c8e
SHA3-384 hash:	e637188311ff3093afb0dc014de2c0a0466fe36bab4f19a75163cbdda4e8edc2952db78ca89d98ceb6f56f97b0908ee6
SHA1 hash:	ce15bd338ef5fce426665d21f3694730572a1e04
MD5 hash:	a1fb703772796ca2876a6e1a4e2db9de
humanhash:	alaska-fish-summer-gee
File name:	a1fb703772796ca2876a6e1a4e2db9de.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	595'456 bytes
First seen:	2021-06-01 08:31:29 UTC
Last seen:	2021-06-01 09:42:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	04270520ff7500328fbe7b31f4e73eb1 (7 x RaccoonStealer, 2 x Stop, 1 x ArkeiStealer)
ssdeep	12288:AeB5Aifo3bVo5T2OzmWjNg4IXupgEFVaSG6MhddZed8:Aa503bV+9NVI+WEFwr4
Threatray	768 similar samples on MalwareBazaar
TLSH	5DC4C000B690C078F1F736F48ABB926D656ABDA1EB2450CF12C1A6EE56346F0BD31717
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

2

# of downloads :

132

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

a1fb703772796ca2876a6e1a4e2db9de.exe

Verdict:

Malicious activity

Analysis date:

2021-06-01 08:39:03 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/8c64999c-0672-4d3c-afd1-dccb35488374

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/163754/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.46397078.11366.6811.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Sending a custom TCP request

Connection attempt

Sending an HTTP POST request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/795117

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/82d290c62cb838a94e1948ba84c2a90c42c0ad44bb79413ea0b8ae2560436c8e/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-05-31 21:16:01 UTC

AV detection:

17 of 44 (38.64%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

06bbb26ba27ee49aa859191a5116c33e78289bf971c157e616bcb333cc7da182

24499fbfd8a2b2663899841f3cf424b60d60c26351b5d491fd475adf9e301256

2674b15b19357c51afac8b261df00d8afbfd2900cd5b85bfda6bfe19ca5940bf

28e90ac25cc8dcdb8b16cb3403e695b191965e3bfc1f832fcd412177633852d4

40175d0027919244b6b56fe5276c44aba846d532501e562da37831403c9ed44e

a2a2de6ffa56b9dd3cd4f08f66661ba52deb04c2210afb97726c8e7cc539ff48

a4d2e783e7cc4d889422ec448ddcaadb489cca746a534c7c26669874137f1e15

d4a3dfb58cd914442e87bc43526948179b85c2ed4483f8421ba4a882fadbe519

d5ceb138f6efdbb08fb975cb10b91ea50fdd0aa87066ba5db0bdf9c0aef93cbb

fa39527bd6176aaac08ff10a28703326ee1f5136c3e79e57fc1a463e15033e49

+ 758 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:02aadfe757a32a232081b11d497bf4755f9b35fb stealer

Link:

https://tria.ge/reports/210601-88jgpefdys/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/82d290c62cb838a94e1948ba84c2a90c42c0ad44bb79413ea0b8ae2560436c8e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 82d290c62cb838a94e1948ba84c2a90c42c0ad44bb79413ea0b8ae2560436c8e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1299922/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/163754/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample