MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f4650e1a483a2143eb1381d7c73d357b90bb0706e330213c9975639c5452490. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f4650e1a483a2143eb1381d7c73d357b90bb0706e330213c9975639c5452490
SHA3-384 hash: 4801eabd9bceec81f4c2e34e241e61de9a54c0652a446cc50a2ef3e7b55f80bde067d4d2ff7b271160164131c98ed9b3
SHA1 hash: 749a2ac73dc17291269c45e8c82f24dc34322bef
MD5 hash: 051f8f9fc1d86beb1d96845e77489b03
humanhash: utah-carolina-emma-angel
File name:Setup.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:7'287'296 bytes
First seen:2022-11-06 11:09:45 UTC
Last seen:2022-11-06 13:03:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4f8b8ae3bd0fb8e6eb1e1609dbd340a8 (1 x RaccoonStealer)
ssdeep 196608:ActBhKa6xWfwSgqPfkFkFwqSlh+tZtMfqLwW+:HKa6xWfLgO7slh+tTqqe
Threatray 1'222 similar samples on MalwareBazaar
TLSH T16776333343600189C1F9CC36853FBDE535FB07665A06B878A1FAAEC62865CF6D613963
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon ebba91c96920c088 (1 x RaccoonStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup.exe
Verdict:
Malicious activity
Analysis date:
2022-11-06 11:12:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4f415bff-2ee2-4aca-af71-e961a7ee664d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/329417/
Detection(s):
SecuriteInfo.com.Variant.Tedy.222651.31874.11046.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/49231/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6367960c775605b3a4f3c53b/reports/57b97f37-49ba-4e99-b4c7-943aa178f238/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/065b5cdb-7205-4bfa-a99f-1055767dae04
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1106563
Signature
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8f4650e1a483a2143eb1381d7c73d357b90bb0706e330213c9975639c5452490/
Threat name:
Win32.Spyware.BlueFox
Create hunting rule
Status:
Malicious
First seen:
2022-11-06 11:10:19 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
16 of 26 (61.54%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r5dfbyneqorbipvrhaoxy46tk64qxmdqnyzqee6js5ldtrkfesia._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
0265914b01090e1992ecd3173fc88ebf5165c41c5268665cef951b4ef0a595b2
RaccoonStealer
314c64429bd92e8ab3cfa9280f89fdac2c93a8706991f7e48d4d70fd80c14a68
RaccoonStealer
4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229
RaccoonStealer
9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526
RaccoonStealer
b2fca983a96d73154e9807ed55a953ac1afe1d1ea56357c51c0bd62b67b75c2e
RaccoonStealer
dcb9409d0c64d5c74526de2b79284ccd7b22fdae29e17509e2dbc0e3c9a84479
RaccoonStealer
f4a57ad535ec4b0c7c1b3fbd9a116e451a392ee3f1e5e8b7a5ee0b05141208cc
RaccoonStealer
+ 1'212 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221106-m9pv8sghb5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/1d53430e-97ab-4c7d-a610-858377e3c231
Unpacked files
SH256 hash:
d98d6b5b0422391ca052800a2f638f9cdb14e99cdfc7c6b1fe13c32832a3fa88
MD5 hash:
f014e64eea95828a6d4c39c634544f7a
SHA1 hash:
7674aa5f77457835fc3c22df86b777c992280d15
Link:
https://www.unpac.me/results/573cab82-9f73-4cf4-ba72-bd6c56ff87b7/
SH256 hash:
56d4f723ebf92b02d57d14484a72d1d93743a29596031f9e9b58fd3b64ab21ff
MD5 hash:
c62f0c51a4c63d7fb43f4b4056ad50fc
SHA1 hash:
6ea58fc1f2e41517e0ff48f7fb6a02f5da615b7d
Link:
https://www.unpac.me/results/573cab82-9f73-4cf4-ba72-bd6c56ff87b7/
SH256 hash:
8f4650e1a483a2143eb1381d7c73d357b90bb0706e330213c9975639c5452490
MD5 hash:
051f8f9fc1d86beb1d96845e77489b03
SHA1 hash:
749a2ac73dc17291269c45e8c82f24dc34322bef
Link:
https://www.unpac.me/results/573cab82-9f73-4cf4-ba72-bd6c56ff87b7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/8f4650e1a483a2143eb1381d7c73d357b90bb0706e330213c9975639c5452490

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/329417/

Comments