MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs 1 YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590
SHA3-384 hash: b4b3e728663d7d256deb71ddef62227c19c51e012065c6ab310fd32284a989a9067d75f625be8c51b801dc219640d0af
SHA1 hash: 51a8e02f88f1d6479cfe00a37f65535edaf9786a
MD5 hash: 81c1e35c6881abcbc98d714a719b35df
humanhash: winner-yellow-utah-item
File name:839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:566'944 bytes
First seen:2021-06-20 23:45:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:tjBokhbhKzLGr35oJkoZLKI9t6rCPUh/F/:tvBhK/SJ0KIXkCPUhN/
Threatray 849 similar samples on MalwareBazaar
TLSH B5C4E15536E4BEDBD769063294B712B02B34DC7FAA41E70B21501A2F1CE3BD12C1EA5B
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.105.169.29/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://34.105.169.29/ https://threatfox.abuse.ch/ioc/137379/

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
Verdict:
Malicious activity
Analysis date:
2021-06-20 23:48:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e7ce4ab1-c5c1-4011-a38b-c81418a42523

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b66a2cf8-31b8-4ab0-945a-2e1f9d2dd62f
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/805002
Signature
Contains functionality to steal Internet Explorer form passwords
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590/
Threat name:
ByteCode-MSIL.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-06-18 23:19:04 UTC
AV detection:
4 of 29 (13.79%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qomejtidifohvyjkiexs5d42mns7q5zrknfdkhvgpp64nxjw6wia._file
Verdict:
malicious
Similar samples:
211360b0cb7bd4e1fa953a5452efd4e0e28f1917ba51ed4c2e6f6800ea86780f
RaccoonStealer
24a722ce99ba486cf511c6534f66b8e8c9e7f90836dbcbd46e608dc085657a1c
RaccoonStealer
3bbc9dc239950316f60ce159afff3e7d7d1ea57c0feb1288a699da981662b9d5
RaccoonStealer
3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6
RaccoonStealer
4a0f69418fd192f33d63baeb991a343db79af86be3cde253f38b05ac33205d9e
RaccoonStealer
5146dcf82d334df70b5d75763f4625af0694934aa667e9faaadfad02c56c85a9
RaccoonStealer
612e83248527b731211cc4161bf7c9bf3c15c59312725ef1285902558c3ceb70
RaccoonStealer
b066989014bb1fa69020b9615b5d8074818ac1315eb541ff9e6a2711f0d5d7cb
RaccoonStealer
b46bcadf27236d47a847bf4d96e24db984c7f61485b0eec1f97ca1e3c3ac4079
RaccoonStealer
ecf14e5b521fd83697915fe02ab94585de651c21917d9f949d3c13b3beecac20
RaccoonStealer
+ 839 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210620-wv8bmwbb5s/
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
34316bee6fbd18991e8729b6b83aae262e5292743eb7cf09a16dd3a5fae020c0
MD5 hash:
655e97771a4107d016660788efa56e13
SHA1 hash:
9765279b90b49e3968392af8681edc1b2e347d91
Link:
https://www.unpac.me/results/0619d977-eac3-40f6-9ec8-8bdda09257ec/
SH256 hash:
731cb6d0593bd16300f7a5802fde9c76431ea385ee16abb239082c0cb1241275
MD5 hash:
33534539acadec432e0ff689f99af9f4
SHA1 hash:
4cd439b0f153936236c1632be7a1127355e9b03d
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/0619d977-eac3-40f6-9ec8-8bdda09257ec/
SH256 hash:
839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590
MD5 hash:
81c1e35c6881abcbc98d714a719b35df
SHA1 hash:
51a8e02f88f1d6479cfe00a37f65535edaf9786a
Link:
https://www.unpac.me/results/0619d977-eac3-40f6-9ec8-8bdda09257ec/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Detects Raccoon/Racealer infostealer
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments