MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 13


Intelligence 13 IOCs 1 YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152
SHA3-384 hash: 30c817d5c65aa35dba499cd5397daa804e302df52b7a60ddc2d16fe4f13d594337a3843256ec6dbb3374edbed36ccb80
SHA1 hash: baf701e638cdc70cd40ddba78459a8043aeef61e
MD5 hash: 20e338de44970aeed555a3900502e66c
humanhash: cold-coffee-zebra-lima
File name:20e338de44970aeed555a3900502e66c.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:501'248 bytes
First seen:2021-09-02 07:31:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 63fc28335e602552107036f2ceb974a9 (10 x RaccoonStealer, 2 x ArkeiStealer, 2 x RedLineStealer)
ssdeep 12288:45qiC9B9dIrEtth9kIh30C2oBQssWHx/jm9vhHf:KCzHzj7uC2oN/Lm9Nf
Threatray 3'686 similar samples on MalwareBazaar
TLSH T1F6B4E120A7A0C036F5B721F865B693BC68297AB16B3450CF63C51AEE5734AE4EC31747
dhash icon e8e8e8e8aa66a489 (12 x RaccoonStealer, 5 x ArkeiStealer, 3 x Stop)
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://45.142.215.144/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://45.142.215.144/ https://threatfox.abuse.ch/ioc/204183/

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://up4pc.com/internet-download-manager-crack/
Verdict:
Malicious activity
Analysis date:
2021-09-02 07:14:30 UTC
Tags:
trojan rat redline loader stealer vidar evasion raccoon unwanted netsupport opendir
Link:
https://app.any.run/tasks/ccbb4875-2f78-4f37-a447-91bca98c7e41

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/184691/
Detection(s):
Win.Packed.Generic-9890178-0
Create hunting rule

Win.Malware.Generic-9890222-0
Create hunting rule

Win.Dropper.Raccoon-9890239-0
Create hunting rule

Win.Malware.Generic-9890308-0
Create hunting rule

Win.Dropper.StopCrypt-9890322-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/835c268f-952a-4bcc-a611-2b0377e35dff
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/843852
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152/
Threat name:
Win32.Spyware.Convagent
Create hunting rule
Status:
Malicious
First seen:
2021-09-02 07:06:41 UTC
AV detection:
17 of 45 (37.78%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qswvwq3nheeuka2h25zf7lmbwwppqb2aystsdhpdivf3cpplufja._file
Verdict:
malicious
Similar samples:
14e4824be0683d1089694045fb18bfef2da645ab2c4c8b07158894e9d9ec2a1b
RaccoonStealer
16165ccc830fd684b7ee45b9edc104b22f8a516a0e82c5a6655b464c794b4022
RaccoonStealer
a6f0b3c49ac430d8d1e46dc1936c43ca12f90d39327ab157cb04844f9e04d8f2
RaccoonStealer
b0ccf88d4b5ae968794c601fd99c0af9c61d617693cdb9de743ca03a199c1ea2
RaccoonStealer
dca102c7e82eadf4ed9610081714bf04462e486ae00921d52acc850374aa4141
RaccoonStealer
e0939b426b36e4600f0118fc651ade00694d6e27ccb93c8178fc9fe681fb7cce
RaccoonStealer
e9abbf811d367cf26f493d72ccd96749e534804ac27d36956dce0484b1440f25
RaccoonStealer
f5e61fcc4300b16d273ba8e0a957ad8cc89f757d5329409cfed0dea6ae64c322
RaccoonStealer
+ 3'676 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:6e76410dbdf2085ebcf2777560bd8cb0790329c9 discovery spyware stealer
Link:
https://tria.ge/reports/210902-h75jaj7b26/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
a46b6ae8a7b1301477088fcd70ba25f6ec293ef4fbe3c5d11c2aa0861018e860
MD5 hash:
3d298755dfd62f0858f573bb0c45d177
SHA1 hash:
6864238dca996a7dd4e2b49fbd4269c39d977397
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/7de6f155-d577-4b32-8ed0-148cec76c233/
Parent samples :
8b3c9cd19c312c6a1578e6ac26658e1d47ee7dbe7ae319c49c8c2894c58f73ed
ed4dd7a70716601bd085d56f6d4ddd38d1b3d32e9d9da0e8af719f31e9fec3f6
b6f53baac36bea3aa1c2337ee0a9f1f99aae8dbf12ad02ab3abd9c1c850ef24a
bda3352972fc081cacc0f68f036685c84e45c7c355e2caf98f67772537224f50
cce62e69f1139265fbc3cab853c4398736491df59c7924c5b393d835822bb6cb
001df263a7596da6c4a9aae3cb05ae724b17a277ca9f600255581f6473946f38
409814dbfa9612022be53df29a336865b7ca8b5dad0befe8a452d240c51815d5
a6d5c07284e688a58b9eed0c6f44c2d846c6ef6e182b41ba19d6427aaf55239c
5a8586af2ecd930d7f07d606cbd8cc4d0b6a1ab1f9bc0a56a0510e37109e3779
3ef380341b22283b448c8064e5d37ba3445134173950c200778461d724d5a060
09179a44494e6e219361ecb14505f2c4ff05cf061c4ce1b10c68176ff6663640
f7a9627ab70e8be38b6525ebb99ec120e210a33ca583a1468bca1f82b30a9fd9
31b79299519390edb96a85ce119c8e78dd4f5e5cd1a0d111553a89d4d974059f
6da42206d67431f500c18b7628f8ae9ef4118539379ab7d47933de0a1360f776
848813fa2c1bf4b2ae9cce84ba9fafdb5349f9b81c838ea3cf537f7e83e34109
87e9d3c3ea420b23d6d8efb0a78d3643b08f17817b44fc53b0351c009163e916
d9e89002989766047f82c1ea14acfba9bd76544833e2db667f962d25f51152b1
4cec2c9622634d5c5139a10ff2dccb528dfd5e16325c923145793e6d9a1d5ca1
24ceae37612afae77f4004237cd49ef9b4677c5ec527b173269321df8619d2fc
8cc1f2e9be6f3247eec82638ed91df808ff8930c6470e80cf1013e9fa83086c9
c5a04d5472331eb30108cd457d552bd85d1ebb0cda908ddbd6b5d8c92f6df432
a69b78320dc089f93f8e87ec8423d8a92d2f131a1da7536db278daf7b68433a4
d5b118a729948d72d46885055085ced3853d098853c28d84e070a5c107433c4d
391cf04c2660bae380015998989bafc36b91d1a202d2579338c6d73da089e1d3
5670fd70ddaf5aa1d1d449b7beb1c56648a94aa73ed151729c603a458e1d461f
1c9f8cfba47bf43e65ba1047953a15d57b7acea62a5fcfb76eb5804699c5c158
a1ba4bb1dfc61a81c78a0f558b687619c6c82893675c336e9ee6e9ab0fc31118
8c459bab761b3e1e4fe969f7ee3bd9baa6738e649581ac24aba815f0e7f07401
7fefd1d8f3c7c179599f65e7b125f93e15d274ef13ad9a37300a309b5847d327
edbee5ca20e223a4a70a1068d54fe73288f0f05bfa4029e77f697f114e9891b1
394073d6e572d8e2725562fdeddbdaafe2fa486925c19c75ceff3aa64fa2c444
1abe05a6b66d10bebcfc20d1ff0618c90343217c60e32d46a1fc662a28bb0f74
47963397fef9b3840a0c7107d72a281a4be23ffba98d44a0ef0640157a6f38d1
96c23c8a2cd28a27b016c311dbb20c09b5e42ef60dcfeaea16aaa5a673aa31cb
4ed76dd7aa053fdcffaedd22fdda6b537643f6278451dbb41309dcd533e34295
b8a1cf560730d6e7457d061b06807800a087bc348622ab0e11a9b17fe8fd3972
d36e7182e5d0ad3a9d53cbda34909a87696ed7230467a8951e0ed4138aa10459
7e1526e8a418dc74b5d9d2666ba67cb511bead21bb770db5a75dc7e4db77a90a
041db87bc4477d22b3fa90613ace50f7bfd70e248a6f396e8d12b09e982541af
e48a841a4644b0f4e0cc7cb7cd7785443b2a3c297e2428a3b7315a5e865fe21e
766e0e4c2a91ddc5d70d3f0d2f20ad65be33853659a981c7c601750272508d27
c08a3a406e2dee6102e6871f211c446c800973c747c4ff450ba4cd7f0d6fecb5
d46a51a36b6baca339e499669cb4fa6562f7e6cd5e687af81115d48c6bd6df5e
7f2e91f56f3d65721aec23a3aa1133d23c0329bbfc89f365201a3bfe4345a983
b404e518d5bf0a7517799d7d71e6269c2cd561a569266344b8b6b5f0f6da9db7
cd48beae4e4c106cbd321fde2b5ad55cceed277158d4beb001ae1debb1c10a12
8d2c7c32e779c7cc0969cebfc00d711daab9bc03c99c31a271abfae36d63e05e
23328ff578992e73e0b524092ad90c8b7e3cd2ba0e59194c190a58f7f362d553
8fde287fb85261eb4310761676c383c77e0909b4f5af762e123d49242047b400
46a64c9b4e35bc66a5dcb7581d6099aef0d8d87e8a0ff4f2f85ae7e0e21e4bb9
3ac01ac015c0cad84c705d87cd0708c30d8ab64b8b6413f79a2d8e7396eb139b
9ce5e0eb83703e9255c625403386540bf4f3d649b861c429920e48eaa3f8bf55
dc31158b98d4a4478f4b19776d2b0e659cc0f8a1262b9f92cd447cacf90e657c
38a9674f7d9b908ae32bd1a146c9038c685df2aa691e19cdc12cb91301c6f793
bacafa3bff1943a970f182754c7e09a3af4099afe9d416733a178e36acc068ed
df8ccaf669af2748351532e3747156ae4ae2334ad4d17db423301ec241db6d0c
84713f0392b53650488996867344d73810aa1cc69f2b8693291f734f32f58b10
458336e4ae2be58debd691111adf03f41ca863bd1a828daab4622a524a241e86
24f43de4afddd2ffb5de67700b294e389be492553cd4a7360bd64b26cfb95092
f6212f3878383914b8a90b5beff2d844b55722a1ae0c88a9508bc1e49b5914a5
34298394b7cd914491d1c0202c882469c566f649965fe87448bcc5c522fe2414
75e78a31b0f86294e14d4bfe00488022e0d42e1de226f381baf2f663463eecb4
f6a0a9432b452c28d342ffdd64aa7f351339569b93c8f9fa34815fe8b56ec6c0
1e9832eee5a62dee7cf10809d9a40e5b136b1b0a217677a194fc59f1b38f5235
a7c0582c89e8db8b690ae3d87155576c94ebef90b3ba8d2866ed81c6b8d00c08
fe4fe4ea9f193ed1f828b3dcce295152f6f173d74f296166e1bad4899f5dcdef
df6c4fa918a799973dc8d8f96694197a8df58e18739330e8ddb243437259dee2
6b7532faf8d237cb98657ac94e349597fde56fefd93c7da49943e25ddca5a914
26ee1d64f1bb7d8e443a7395ab8c5b1f9762b6e59d43a16ab386d629356ca014
2ab0d39053a25fa8336ce41373c842421255e6aba39b33e1d84fa36725546962
dda579fac53b62f178780c65f278921827b6345f3cd0d3af174fabf8892ad3d7
4c8e5c07822dab56f3bfd9588ea5b2ab9a7b878571c65eddb5d6cd04dcfd34d9
951ab65d360bd4f3990bb3d6f1914fd3c03ee377be3b5166a7a0f7d1601ccaea
953f92fd97343cc68653cb1bc7a0d53b5f00ad34c7b1d0dccb3643a0e85fc5b9
1b96b85e57f32ed92f3c55e8e6f95392aaa9ec3e25ce857d14b62cb2aaf6eef4
8ad829e9227a1d71286b01d33cebe5cef97602776c23a6c9accf194575f69a7f
8db638400434082e7531a28efe594057779e41a771eefacf3c5e8ecd3bc27d83
b9ad2cdb4e6671cf0937066398d8542649518d8d44a642e121f78792e7c05746
c2b25bb9df6a9a9638096e254503369ea3049c8f47bd419f85bef9be2c24f918
2c0a6dc1dd9a54d0044084c627bb9c26e0966d1321d1b2080cd8fe4e975065b1
e7389511c617c606bacb9713d6ece1c19f796cf2bb8f260303841e486c57f05b
7d85b2cd3745c4b6ba88e8ee72231913f70f859bf328cf4a2c0a9ea976042b61
fb0c7b5f987b4224134d48b37bde3dad7fe4538f660d3d461aa470c6aa18e4ec
6e105ac7a3e7271df331395aa080f77eb64de7247074e9eeab8672997a756b5e
2bd07493528c58dd7d3a83841f49da554614d54739a693cef59feb797747b920
e37bdf4ea3f7ac5cb80435dd2d286c0d1b8f924d4ee50b8eada8751868ee0277
47824685d7de629f5c253a36719b2a3e15f2f12f06fb93ace2a297c14cf19b20
20ffbc52ca4b39d8b0ca4caa73a02094f3e51f6d8098b31ccb1a8b6eed8ba57f
90b81724076516bc15051595f939528322729efdc16d00e8f16ac639702ce22e
a1625765c8d9934b5d37d5fd3b5fce9a2c778719d0b9ae69e8d6e64b6baf8bbd
fe327af5504fe22762bab5a02e2f3980940eff55a9b953927aa3f4a75585ed11
d148900cbfc3d3a997ac34e943e2abc39214d2f2fb8fdde378972106465f1c7d
31ec23801086aa690ad0f6de42c28e73bdbc7519333431d23d106fe742fecfcf
200ae905586ed70b0e4d2b45a4090a11076c84874f017b7e1866d7acaab80d6e
3a0f8c1614f5d797d81a89e08490bf5af5cb1ba767c1610e8a2cf52661e20517
9873023035a886932214ba0d93bd10e27d28dff1d16321b99fd763426a79c37e
762aa943aac799d7c819594bf1da29be169f5706376b0e699fa316f8c356b181
8b5e6900369f013f03cad6fb7c5d762c5ce13d30397428331dab63f689db15b1
22f21dadb9fdb43d9da5f91b5d0ce20dc3471ad87514936c6cb9d5e5899f8d38
8997804784c7830668334058b5bb34095eca3e27ffea84910240084c4ffce569
acae5354a2af648fd858686fbfb9414524b26fa4df918356564932e005bba596
cf925943fb0e937659cc243ea646b17c623c9af8390a3fa6e7a650e98012efbb
1f960a290c62f39877f0384c3aeda32170ef47f1a54be1a5eaabe34c1a3c5292
c8f0a74b8b606f28df1285c387fce88e0ba375f5ce475214259687eb90b1f840
99a6ece3e3e38f109f6f036917da988a813eebe731ce4a6f47b9f7a857d39906
e9ed67144c3667a22eb477938b1d0ea60de36ef6bc06dc01640d317937fdfa41
6a39e039b505a8dc77840f5f7992ab2147e80e7e254965abcfed37146a92acbb
7d0cd766563559d26df6a8a7d68a09a0610fe755bd0a5072e7cee54241cf3b06
eb01f91351652bf6094e11c063624a307daec5371ad6514260774909ae2556d3
8b8e94febe720ac57c10c0b6d093d1b97f5d55f0d6abc170cfb9cbde568c42b1
950c8f578b4dd0915b3e40c14d52e71776586c30af8ad81c6783fa7592461e00
dfd1ed779c01419ff0daed07530ffd1de435ca7d1fc5b2202336953c2a9516e0
368a4b8e46a84b72b9ec4777db1b0f98badc11ca213a020de506f67bfc876082
d8d3574f65faddb4c06ef15f66f8a6d9e05464fc63676d6a5489bdba9252be87
07c5bda6acaa4ec2e66b67272abcc4c4be4f38e977d7a80fedb7fe2e3cefb705
2ef903462ba81fd5419d88ed6f5771554859f16068267227116601bde1ca5ba6
bf90427dd2ff96f3eab82d37e0f5ab218825b9e8af811a039cfd93b08d8e488f
dd8fe8c0fc82e8596fba43a2f3db0c109fd6a16c150288f81e43c7b46648f288
e93dc5ab7d1c5a90a33dd83f1930c365a6b6481496b60c5203c8277c37e9ed5c
dcf0e6d3caaf3860dd95adaa7735485a708499234f26c7c31320833a442316df
ea2ff7f4101cfbf1a7e25ae49f4116d991f454d90a2235faa85b7db2106e5125
50eb5a61eba2b5013458e4748e40f54832d8284ac049ab8281a4f3cc15971a86
89a8338a1645c015d678a2fe31f9ad2a18f24e186d3d8a09776657ee57efd98b
7b7eb5321dfa875d1b3454392d8bf94960839aa3ee4a4c9cd66e25fe83296719
e9462358c03fb7c1062a50fe0c8d7d4538eb51292d8683d544ca390349f4ec3a
3301d5471a2630737667511ffb0033f6a9d4def8f53d6cc2f915fe4a7e041d2d
77856aa9610463cbcad6a23407c01bdb5a8cd1507eda7cee2b419e431a6b7962
770c6d5dcaf1f5b8ca34f21ec6b9b92e4cf90af42e30f48528e3f0b17fb2841e
bdad547886a62b8c61b77599bdd9759a9a9571a5b938e078b1da1eeeb2267ba1
b50d54ca66704f005ff32b968635917aea96b684edd545912e62fdc55afc423a
651ec7ce006f15814fd50aa268befe7677076066a3523014fe97eba3e627ce57
13bd79973e4ef8b4aa86d1312aac011abb3d7a0f39c0b547cdb64cca5bb4b8d0
5a596e7c0f64b2c7f19ff48ef15b1b916845a36100cf76c236a3448a85e3c3dd
f33f279fa9d8a9fe9b955d363bdbf03b706d091d66e2a9130e2a59d06cdb83eb
336b73345346ecc0c06d050402fba00e1301be6c4989b448e7cc11c967722d7c
2a2965df35cc748ebcff313e0a4806d5cfe4e8c7e04a3bd70c351157ee228ac9
a7062fb3a21fa88712e225861e57c12bb081bf13526e61f083f84ebeeecbc77f
ee2a69a595644abf1c49894aaca322801c83a124cec7656a0a5df69ad29c10fb
f66d0bc563515675b5d2695fbbba2ca2127e6919bb82869f8a7748a6bb4f491f
55eebe9d7ba942dc7e308f277389bc5f4412fba5c828c2b1b154a1bc3b514dbf
a486da5d4b90a37ab4e1f6bf3160af7f355d4eb1dc4466a8b48a1297ba1ea53a
abb67941245047889df4a4cec2e3f533b4085f393281fba6db017a2c7153be5c
078e506c4e20407cceedfc077550269a46504c5c845b0142d4b4c426490a8199
653415abb991ccf45f4294f374bf2c499e3d9311342f9052763d096834765631
d2ceb877de1be0f55c3a9cdb218ff978066f87ae0caf4ee6bd6401c0272c3b78
fd74093053ea102cff3538ba984db276efe363ee18e49a4410185a55682e21e4
9de1e90d82715721def2a323cf77ff12bc94dd86e9387cab686827a9d98fc36e
b28956b49b064268faffe1eb19d54eed569a416129ebc295e6688b8a50026f65
84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152
a2941c08da1cad70887891183a5e364a2c6d043f71e1c925befe253986ccb88d
ecc3d5d218ae3df2eb9ccf5a41117f71d9cf4f7718f3bb2590657f22769eed3e
261909596c1afa8ecd9716fa9f6c6eac4141b248b420fd83965bfa8c5ed3d926
0d50745047fa84963eba4fea8db1cc7727bb67346208c6b2e3a04e7b230942c6
c757fbc1ff6501717999dfe95833d3a34f214472a881e957db62192c1ce22fc6
efe25285ceab63a434c9d45f1e1d0bc8eea628869ddc4615f7f37d3d6377e63e
e8eb04d0bf8f0b72e2528a5b7de31e1eed169325d5f40ddc9c96bce1e973a5cc
a83e2d5fd3612419754f48063005ef8f512010bbd83237163bd8d783bdec7446
a2f71273cbe02b6f7a01b888444232210fac6217c3ac58370c01c5ee32a8a7a5
ffd862c979721d613c0001c1924ceac4690560cdbbc46551240c05bde5e025f3
b53d4fee341a7c2fd940d1cf91905582df822ca78c30fdda686f1df792dd6608
c7c414abbdf984e9b783dc88e68bb97f6f7c3cb16765ca5cbee4284b6950e565
53b00c73921333228f85b5291254a67e15c9cc41da6d47f95742b6cbc904b2a2
19b5ec3c795d9b5a03a50c659ea015969aa4fc7e03179e4477d577043e1318f7
2769006a1773d423a88de48a8394e9613b0e81fe1f0085fe6f81efe3b1f86b91
3ed184e52a68f9d35f39ad89b44b4432f94fbf273c9f715c231c51c4c662c048
795c3be6da61368e6bd09aeb8056d05e69a59e179d27752b10b9773bf2c0696d
10a35f4c478b82b80f7c202c605a1a2a6a49a1d38500e464e9935bd9a88424fe
6e2bf5a1a59b6936fa85bbfda3c6733e19f07afaaf026ed0a3d00634252d0133
fe256df07648006fc2e1385a2bdc66ab90c0e1e825fb8d8d3eed7d9bb3450b56
c683bc3da4966110b419ac54d09a54ce798efdb51be398331d9ce011e2636fa9
175d63f407dfa3807346842438b8c52fe681e93b0209a05b7919b39ae0ba3f38
9352b6140384e9f8f19c12e78c722ba92b19b879388c56d23fa1775a1d99b9f6
c47181970c2f45dae194a274ec5cb7d09a9c9b2bd0f108a31548db23e360d55d
46d8b02f4e0467cec5b88890f2fe263371a90d581e83697b70749aad2f743e18
905efe19e56db9ac0d66298656544fa8362149f7c95382f8630663dbc26dd634
ce5794ff9307d5022eb58b257d3da3c97009a4d1c94fddba2ca123c73ea8010b
11ceffa25b6af7e2985ef6beaedac19d1cd14c5a8dff64658d57b4f3eaa516d6
006a29cfbd380a9cc998da7db625341d347b75a911a4970e8b4ec05d70f5b08c
77a1e1c32a6f1e7adaf40a29fed73f441378cbcd670dee28454e3fb3d55ff448
8e446d0c8007a6188e1ca0e254b8212b1adc879d64c51d0b2a0b463330b59c5b
eb635fea07b6a98dda2777a92d8f2fe11dd2ddee0871d90547cd001b51842a95
5f268dd9561d358369ecfa8b17961da130ec3967ea486af9793f79d2d47bc6a9
3a4d10e23dab0c5aa313b6293fa5297ca0c7fee963ee9128021ce3ff1001c96e
330753433ba0cf3f0bd19d061b273c339f99c8dca26c89109af324e11ca8ed11
927bbcd2df9ed9212fdac3a7e3de83626919989208d476f432e3d7f604587118
e3be914d9ad0a4eb020c1b7bd796b03fd452b6bbccf540caa0e576ee1fbcdd0f
5c0ad109b546bde29b0ccdb719caf1eeadd3db95c059ea81961df1497e660839
aee3296569176b2918587bb595da2b8cc01e66025a862c0d57b1a06db4e8f5f9
ec264e6fdf90c467e938f38eec740cab6dfa49bb1496c9da1a386b9bf88dd945
54709730a6ab9ac4ab4249aa673cddf455cba8eaf1ac20ccb6ceb8679be72bfd
ad3e56331443e647b1cad75d5dcb37126cc320e2ec8a58cc8de73334e1740b02
3934d62f537d149e12b81a218a72f1ff79c6bd9e5ce1a977bc7c8e107fb07767
0d30fe5bbadded9ff708eb8725f2fd884a92fbffdd8fa093400a549e7b5dcffe
892e39fae5d66d0ef2391a54402cfd9cfb4119fe3e103a4eb2546c064fa631f2
0ce89e883be37a6576650db92a8da982fb0514f7ecb7747a0ed1c928118a4cb2
e7e55b9899999e69d3152295d1d48e77820cc2bcd80a222809b445aacb204e55
465c1c27f488f592c3c59acdb9b03503dc2ac5cea20df5a78277ec62a4f02d20
1f33aa224f3464124f8f62a38f34e907e38d85af939cbb9156d058e172b6de04
62fceed87e8bb3901e9c4767518031d0977a58cdfa425704e5cceee39083a8cd
a0ad0adbd783a30684a2d143ee6d07e7215e8b1a31d8228ee0197f574c903f0c
eb2f55e1898b0906f7f2cafd631c045df318e1f350c9b05348897d6e6849571d
3e1b8b83851ece859abe32db162d8ef275e9933d54456dff67a2cd6604b6ee34
d76a7b7095a68b57250f7d51afad1d4f3a9e4b902f680caa6d11acfed5c8ba8f
420c4619c256f608cb3f72c27bceafab04217226522a938251ab3642b49b457e
343d17aa4f0e0e0b3d4e4dbfd7fbcc35b02b6660fb45db591e465802ce863575
d22f21b669fe182f4e10c3f78e03f520074d7752af33330f44b2b49995ff257e
408bebf880e9b606c65dc23af00e722f1af9ce32740ad0957755604ae08569d9
9fa0c0bd4d3ae9ac8268e7d43c81315a55dd9e06fe59b8a0cc0c1b451f1b629a
ada9a5c4e57492c3d26314837a7341b16b3095f2fbc9b390cbc48458c8df8914
45ebc17719513a2edab00d45408de24f10ddf56683009e386f3acb4d766c00f5
2ad930f2b6277b98c0efa363bd59c9299f90e609c666976d47a367bf20942a9d
a4352e1f66d1060aa5840d9023d3ad944cd5f9da9a161f1f69ea44b93233bfe2
f4409aa88aaf50daecf2d16fd1dc24e88c75ce7cfc125a80aff4819e0015af2b
35920556275d82ff946da87480c9cb2e2e536d5ad8ee6bad5358b2ebb0428bdd
3392b87a6f088261bbd6abebef13fcbe51bb28ed2f73a47a831de334eff6c280
91186e990bbb05f2d7ad6df2e4cf6e259104b67668ac8b208aec583942a65eaa
0e221e274852f6d0ed97027e993db9143aca3c94c4a9ea9df4aff3110fb61a95
47530b76594be82ce2ce71f606264ae20ab93fc7d3b7078b6edf48bee6a87ef5
965a0aa6e7d381007defeb055808059b8f1d0fa9cc0aa748e472fcf1a58fc9bf
91abbb352f4857d4abfb9e90ec4aadda158566f23b7bc11a48e87fc5150e7706
23445b6992011599519c52b7fb8d0a65e6e603b4adf53fd17b38ddcf1929477b
880d7d43fb3e0f88ce0d8a57d6288176b771ef2edc6e443495535be576ece2a9
a9fbb6e8225f2fe4138da4b27c541828ff4aa76d9c49fcaf3b08d77dc72f3d27
232f95b52c0fe99d26555d25ae25b58ac7ed209d07e32fdbd2fca225ce6f47d2
f75b89253bbf8eecc196711871f889a51685a9d2b8c15f98fab03f0230731f35
0dba3c5d5fde0546888ff7a8ada90af3c2eefe6184bed4e579bee2418ac1c096
82b28b8a53561d8e7bfe66ec32cd62220483b8131efaac0f7eb6143cb12568ea
d4b5d768430676a90e7ab7cfb44d3f775fa759c2bc7f5aa1a7a92b351696295b
4c85f183c091968be8557537f44b8c96a6e350e383ed7aece8c73ed0607b3597
cf3956f0cb019c9576a5d113928bff1f83964b8118bd8bf1f43c3b52cec01bf1
f3bd82cf4cb11e038ec6494fa5dbed8c227a0c012127fe75eefb7345cf83d917
00788a2af499441920ff0f204d7909fe507e3a6601fb128966a5ed365b8053de
0f976ffe5004ad6825e3eaa91a20a3cad5cb9eb14ff6eb5ca3dd1a8eb4f19fb8
0036cbb0add5b8450be9eb58de9c150d160d87a924b21f049421f5d67d6bdfdb
d40c3e6502c12f700c690bde568525959d6134d874235a0b107a9d57ec124fca
8cfde1b7c76e2116c8fc6542d73b21f9351740fb8e304a2d8f4bdf1975546bc6
d04192edea5666de37069ff927274531642cb6b82dbfcb21a52ea2d20085e640
b6b0254090db9c960db5dbd2d5d6e1f4f7e295e69721328fbed71d16e6ffc5fc
e05d2dc3425849dd155458956711878eb262bc5937d58a164868641e0da0cb0e
e8018798a95c46edf4dd057dc0f53e887644941ab5174ccd4019cd7ac39e9a1a
81591058e5bba5cc0cc0eabf671441d0618311e9915acd6e89be88eb02764ca8
SH256 hash:
84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152
MD5 hash:
20e338de44970aeed555a3900502e66c
SHA1 hash:
baf701e638cdc70cd40ddba78459a8043aeef61e
Link:
https://www.unpac.me/results/7de6f155-d577-4b32-8ed0-148cec76c233/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/84ad5b436d39/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 84ad5b436d3909450347d7725fad81b59ef80740c4a7219de3454bb13deba152

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1562715/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/184691/

Comments