MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d83c8cd1c00fda08e1e524c4be95484070cfe1a87b38162a31cd6c86aec566b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 12


Intelligence 12 IOCs 1 YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d83c8cd1c00fda08e1e524c4be95484070cfe1a87b38162a31cd6c86aec566b
SHA3-384 hash: 446a965d56f82937fcdf5b5ea8e86f9c7523f67653758bf9c82c222230b7b967f0efaf21f10afff4ce2965c3de292d17
SHA1 hash: 396d431154c7cc24235e74cef7973c47e5b9486d
MD5 hash: fa3bea9c92a88ee35e69036fd79c9169
humanhash: florida-yankee-east-bravo
File name:c0dda7a83d4cc964b37957b563b1b6ff6fd64256.smile.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:584'704 bytes
First seen:2021-09-10 20:30:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 35279f0bcb93fbb246a2ff5f9995bdc1 (6 x RaccoonStealer)
ssdeep 12288:HPyvUhuDGncJlujEpr8qEFRkbNZ5tWDmp4NAc15Kp3CIF5j1QwZPDrE:Qwckyr8RkJXampEhoPa2PDw
Threatray 3'020 similar samples on MalwareBazaar
TLSH T1BFC49E2675719076F17240B0AE6CABA1167EBC7049324EAB73CA063D4FB15D2D721B3B
Reporter Scoobs_McGee
Tags:exe RaccoonStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://5.181.156.77/ https://threatfox.abuse.ch/ioc/219656/

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c0dda7a83d4cc964b37957b563b1b6ff6fd64256(1).exe
Verdict:
Malicious activity
Analysis date:
2021-09-10 20:35:01 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/ff40c450-5a71-48ae-9400-bc3689494527

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186972/
Detection(s):
SecuriteInfo.com.Variant.Zusy.301787.20014.27881.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Deleting a recently created file
Reading critical registry keys
Delayed reading of the file
Creating a window
DNS request
Creating a file in the %temp% directory
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Stealing user critical data
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9a258103-df7f-4317-b882-ccab9aac257b
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/849031
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Found malware configuration
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8d83c8cd1c00fda08e1e524c4be95484070cfe1a87b38162a31cd6c86aec566b/
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-09-10 20:31:09 UTC
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rwb4rti4ad62bdq6kjgex2kuqqdqz7q2q6zycyvddtlmq2xmkzvq._file
Verdict:
malicious
Similar samples:
03d23ad7ab07c264aa23794c51236157641a98f8a6b40dc063e3403e831b967b
RaccoonStealer
091ee9a9dd7f5501d96e04c9d7cfda6bb6cf3cdcb308f2ef293c123f675d56a7
RaccoonStealer
0ddb264e5fcc3d88e1319319d421edb7d12fb66ef73920f8ec45f5e3eddcce07
RaccoonStealer
3c2557c292a2e3a61a85cd44f45f8f3998fd16db3e5e523353eac61a879f726a
RaccoonStealer
3fa40031fe4c0dda1a5e228221ab8e839333f6219d74e89114067c332b59bf39
RaccoonStealer
447ef561d540f7b87bc2c4d822994b35758e8e2fb6e5a37d92b5ed11be769ea6
RaccoonStealer
675d315e728f48317a23c5f63712f99e82090a2922ecb255f80f2545bfed788a
RaccoonStealer
75c941b968a0da0f653a9e21ec2939d615e49e4ffc3f64bb16e00170a5457b5a
RaccoonStealer
80f0607db29814c032dd81fabf31e3c7e1134c5cf9fde17d639556381d5299d3
RaccoonStealer
dba5e6264deed1c0d630810ce0ba5931e442398ab117ab551f05e77d69613bfb
RaccoonStealer
+ 3'010 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210910-zapseaaeh2/
Behaviour
Enumerates physical storage devices
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Unpacked files
SH256 hash:
8d83c8cd1c00fda08e1e524c4be95484070cfe1a87b38162a31cd6c86aec566b
MD5 hash:
fa3bea9c92a88ee35e69036fd79c9169
SHA1 hash:
396d431154c7cc24235e74cef7973c47e5b9486d
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/36493134-b4ce-4147-ab06-32aa98320d6d/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/8d83c8cd1c00/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8d83c8cd1c00fda08e1e524c4be95484070cfe1a87b38162a31cd6c86aec566b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/700130ee-741d-4e71-a461-563a6fc8f2cf
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/186972/
  
URLhaus
https://urlhaus.abuse.ch/url/1609102/

Comments