MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da
SHA3-384 hash:	47142d9f61d5d5a5cd1d7fdd9141284d4549361a50eb8fac2c96808f5fdbbc1bcdbe6df523931bbb09ee259f50226a04
SHA1 hash:	69eb3eedbe00ba32c43e062e310b9f275a18e60a
MD5 hash:	4251239c56d9f3effb2a64af7f42cee8
humanhash:	wyoming-massachusetts-september-tennis
File name:	4251239c56d9f3effb2a64af7f42cee8.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	6'595'584 bytes
First seen:	2022-12-26 08:59:44 UTC
Last seen:	2022-12-26 10:34:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2043dd0991495b0479dcfed2f3d66691 (1 x RaccoonStealer, 1 x LaplasClipper)
ssdeep	98304:oStsWyriD7IBDvryYFtxt2Cx1O3t4ZHT2nDWxx0gNJK/a9pyGfzJ0xSrO0F:0Wyssvryctxtn64+WNJK/a9pNfzexT
Threatray	256 similar samples on MalwareBazaar
TLSH	T1F0662333137624C9C1EDCC3C8637FEF931F617278E81A87969AE6DC52A11591E213A63
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

226

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

4251239c56d9f3effb2a64af7f42cee8.exe

Verdict:

Malicious activity

Analysis date:

2022-12-26 09:01:08 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3b9d9646-1906-4e90-aab9-0860df15a36c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Variant.Lazy.255264.15096.24279.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %AppData% subdirectories

Сreating synchronization primitives

Launching a process

Creating a process with a hidden window

Enabling autorun by creating a file

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware packed shell32.dll

Link:

https://www.filescan.io/uploads/63a962970e926711fd74b2ea/reports/92082130-721b-4b2e-aab8-a334e00f2f9b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/76db17a1-9b39-4f83-b901-855bca5378b5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1141053

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Tries to detect virtualization through RDTSC time measurements

Uses schtasks.exe or at.exe to add and modify task schedules

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da/

Threat name:

Win32.Trojan.Tasker

Status:

Malicious

First seen:

2022-12-25 23:58:27 UTC

File Type:

PE (Exe)

AV detection:

15 of 40 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qq47vcqtarnxwt53zn2scgbi3v637dgq27xwab6lvp23bcfzclna._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

3b66abe3a8f155402ec2d039a4f469aa7c515379cfbc214a8b89406c16415a17

RaccoonStealer

3c1b550a3afa8207c88ee4d267c096d4be36af794174345c5989a94351f62af4

RaccoonStealer

7b49988a41f87260871578ac40ee21ce66a9b8fc614775875675866ff13188e6

RaccoonStealer

90c3df045da659194fcf00893e7cd940de6dff4f17830444501e06d1488f06ec

RaccoonStealer

9dfc2b987cfac7d4b2dc842bef5d9680724a0d8a65bef2ef175ad2e5672e429b

RaccoonStealer

c5b4ef6efd9f7da867cceb90761c47c62e882bce0cc20ca88f5f73fb7308c01c

RaccoonStealer

+ 246 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/221226-kyb4wscf78/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

bd7a0bd0b444eb71d8ac8ca2d3a5f6f560f3ba6664ea68e30bc1748e808b6f82

MD5 hash:

31aa85557ade3d2bb21beebf2b1bc082

SHA1 hash:

6e2d3dce4de5774aea5ea303391878060f389660

Link:

https://www.unpac.me/results/cd5e6e76-2c65-48f0-b036-569751019769/

SH256 hash:

8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da

MD5 hash:

4251239c56d9f3effb2a64af7f42cee8

SHA1 hash:

69eb3eedbe00ba32c43e062e310b9f275a18e60a

Link:

https://www.unpac.me/results/cd5e6e76-2c65-48f0-b036-569751019769/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8439fa8a1304/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe 8439fa8a13045b7b4fbbcb75211828dd7dbf8cd0d7ef6007cbabf5b088b912da

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2469977/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample