MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411
SHA3-384 hash: e9984fb3061000bd996c693828d71293b42272524f423427f0d9a47c9de61d67f152e414b734f4f0d54102c06c1e02ce
SHA1 hash: 2e48abcd6c4c2c0d5c0d2b8b66b9545b0c8fbf2e
MD5 hash: 6e50112832160134bc11782d9fe9cadc
humanhash: cup-mountain-uniform-green
File name:6e50112832160134bc11782d9fe9cadc
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:458'752 bytes
First seen:2021-09-16 18:10:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8a8349050dccf77dfddbf10f15c614d4 (1 x RaccoonStealer, 1 x Stop)
ssdeep 12288:hg/L8dvi3OBEd2+V7fS9LkCMVqreUxCQs:W8dvnZ+VsIwEr
Threatray 3'053 similar samples on MalwareBazaar
TLSH T19AA4021135F1E472C4A656708C74C6B08A6AF4F61A74458F7B88FBAE3E312D26B36347
dhash icon b8b078eccacccc01 (9 x RaccoonStealer, 4 x Glupteba, 4 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
197
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6e50112832160134bc11782d9fe9cadc
Verdict:
Malicious activity
Analysis date:
2021-09-16 18:15:14 UTC
Tags:
installer trojan stealer raccoon loader
Link:
https://app.any.run/tasks/2ff477e2-0af4-425b-b20e-b22aa981eef9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/188496/
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

Win.Packed.Generic-9893288-0
Create hunting rule

Win.Packed.Generic-9893362-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6175250fdb358dd15ed92a55/reports/85d295bb-46e0-4d51-88d5-48975656233b/overview
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/11d4f958-f553-4d82-be7c-0f0839513ec0
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/852314
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-09-15 23:41:38 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
447ef561d540f7b87bc2c4d822994b35758e8e2fb6e5a37d92b5ed11be769ea6
RaccoonStealer
4a6434d66a30ccd95a6c269ba54133d0cade8eb565cd7fd6582abeff8a02a3fc
RaccoonStealer
59beb29d06be48da8c6b6719d5840614cd4d55f1a4da75653ba41c2d2e407b55
RaccoonStealer
67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9b276bdbc7eb788ab0c3
RaccoonStealer
75c941b968a0da0f653a9e21ec2939d615e49e4ffc3f64bb16e00170a5457b5a
RaccoonStealer
79353b4beb5c15fb26a1a4e35742da675a5adeff230f9a4d8f3577d47e263e97
RaccoonStealer
7dab69ecef0dc000e97634c8bf2840242b9e75038f32c0eac5eb79772309e43c
RaccoonStealer
9f60a157b1a91cc18125825a286baaf011e65b0808be4adda258c3180f0be3ac
RaccoonStealer
f0c98f4c47a7f3890884cea6e1e84d19fd63eeed8b05ba9cb367707a0f28aeba
RaccoonStealer
f4e89acd2fe686f7b8006dec8326057703ce9ae4c2636a6119ae48ef4db1fdcb
RaccoonStealer
+ 3'043 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/210916-wsk1dsdhh3/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
b4b408d010c3d48f96c7c9d0f92c0101f8c6e9788b8b8b58bf28eaafa06c482f
MD5 hash:
47cf2f74cd14863b4e0e1b8bb14806de
SHA1 hash:
ad6346df5328efb8c5bb659f65143de3261841ed
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/86debca0-08ea-42e0-b536-e9d32d242533/
Parent samples :
93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411
8e73f95c7c02b3ca287a62abc5e71fd374395777d83b3cb025e837a2b17d44a9
SH256 hash:
93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411
MD5 hash:
6e50112832160134bc11782d9fe9cadc
SHA1 hash:
2e48abcd6c4c2c0d5c0d2b8b66b9545b0c8fbf2e
Link:
https://www.unpac.me/results/86debca0-08ea-42e0-b536-e9d32d242533/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/93ba1d3d5ea0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1625662/
Cape
Cape
https://www.capesandbox.com/analysis/188496/

Comments


Avatar
zbet commented on 2021-09-16 18:10:10 UTC

url : hxxp://marmariscastajanslari.bykmedya.com/ftp.exe