MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c
SHA3-384 hash: 7a81f8a27f1b21137931c75cc151b6478f048dfbe758b97966c5c2004137862e1a1c56278582f30c0f119d155b883738
SHA1 hash: 90d66f6c09d3c7d5b8ddfcba3692869e25d55f29
MD5 hash: 4adf9c89320348237cc3921c19eb2cc7
humanhash: march-diet-sierra-edward
File name:4adf9c89320348237cc3921c19eb2cc7.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:317'952 bytes
First seen:2021-10-15 07:44:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fca1d58205e9c77175b87324501ec95c (1 x RedLineStealer, 1 x RaccoonStealer, 1 x Smoke Loader)
ssdeep 6144:48yB2vLLlTsypGIjvfqKdpaZbPSC4CsIOv36fA7:4RBINsysIjnnpaZWPCsI0cA7
Threatray 2'349 similar samples on MalwareBazaar
TLSH T171647D10ABE0C038F5F356F949B9936CA93E7AA1AB2890CF53D516EE46346D1EC30357
File icon (PE):PE icon
dhash icon ead8ac9cc6e68ee0 (118 x RaccoonStealer, 102 x RedLineStealer, 46 x Smoke Loader)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
215
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4adf9c89320348237cc3921c19eb2cc7.exe
Verdict:
Suspicious activity
Analysis date:
2021-10-15 07:47:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ec7dbc76-2fb3-404c-8b8a-0ac59a42bb57

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/197693/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61693187fd35fe780c426d5a/reports/6fd68e72-9433-4b37-b06b-6647292ffd0e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/41cfaf8b-808a-4948-83b5-b907524965ea
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/870997
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 503425 Sample: B3bd7tAtvF.exe Startdate: 15/10/2021 Architecture: WINDOWS Score: 52 10 Multi AV Scanner detection for submitted file 2->10 12 Machine Learning detection for sample 2->12 6 B3bd7tAtvF.exe 2->6         started        process3 process4 8 B3bd7tAtvF.exe 6->8         started       
Detection:
redlinestealer
Create hunting rule
Link:
https://mwdb.cert.pl/sample/85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c/
Threat name:
Win32.Trojan.DllCheck
Create hunting rule
Status:
Malicious
First seen:
2021-10-15 01:32:57 UTC
AV detection:
15 of 27 (55.56%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qwrww6il62x6k5h6sc6anzlmdjnqhagzq4bg2lgxy5pxswun446a._file
Verdict:
malicious
Similar samples:
1561d6849d0b3394ab23968ba921e3c9af313ecf90cf2911b64889536c080dd4
RaccoonStealer
323a27a7f2a664921d46c965f0c8d5977fb6c8fce20ba04e208c2945b7abdbba
RaccoonStealer
49ad4fd1bd40286214edaee6edfa7ce8915b6bbd39758a4a93175f48626a478b
RaccoonStealer
4eb02a90be27af84c49a2f62da8e179e5117d82db4e25c7a2c80e2954583bdb3
RaccoonStealer
6ce593e9aa59ebf1c4e6763b626669a4d24a32dc1183b85c6586c8d949a9e024
RaccoonStealer
90618d3aa5146d27b46476a4c7bfcc2e5323b74dcbcf2c0af6b4f00c4c2d9297
RaccoonStealer
f901f95b307d303778cafcb4b3158b8e4afd6b001c55461165fb55bd0c1fc29e
RaccoonStealer
ff9460e1f512fe522007f82dcec1da7a6186106f4b2833c51de5d873b8986dd4
RaccoonStealer
+ 2'339 additional samples on MalwareBazaar
Result
Malware family:
tofsee
Create hunting rule
Score:
  10/10
Tags:
family:raccoon family:redline family:smokeloader family:tofsee botnet:01971c26c29bbf6e54f3c895cd6c6ab13f72303f botnet:12 botnet:43ab0e96f8a4de7ddcfd2d8f5cf651c629a89e17 botnet:fbe5e97e7d069407605ee9138022aa82166657e6 botnet:megaproliv2 backdoor discovery evasion infostealer persistence spyware stealer suricata trojan
Link:
https://tria.ge/reports/211015-jlfqwabddm/
Behaviour
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Launches sc.exe
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Windows security modification
Creates new service(s)
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Nirsoft
Modifies Windows Defender Real-time Protection settings
Raccoon
RedLine
RedLine Payload
SmokeLoader
Tofsee
Turns off Windows Defender SpyNet reporting
Windows security bypass
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
Malware Config
C2 Extraction:
http://honawey7.top/
http://wijibui0.top/
http://hefahei6.top/
http://pipevai4.top/
http://nalirou7.top/
quadoil.ru
lakeflex.ru
135.181.208.162:13904
93.115.20.139:28978
190.2.136.29:3279
Unpacked files
SH256 hash:
c32d9999dab43a35b2b5811d491d28368fb7136775c91235fac31e4ab220ca6f
MD5 hash:
10a8e5a132a617e525c4bf6fc200893d
SHA1 hash:
f1cb92b75df262b913e13ce859e544539ad521c9
Link:
https://www.unpac.me/results/599410e6-36fd-4c56-ba81-032e72694493/
SH256 hash:
85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c
MD5 hash:
4adf9c89320348237cc3921c19eb2cc7
SHA1 hash:
90d66f6c09d3c7d5b8ddfcba3692869e25d55f29
Link:
https://www.unpac.me/results/599410e6-36fd-4c56-ba81-032e72694493/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/85a36b790bf6/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/197693/
  
URLhaus
https://urlhaus.abuse.ch/url/1660824/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1669848/

Comments