MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 945f8ea6c8e20eeceb0101ec0f0fc5a4bfe95918dae47441145deb66acf8781f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA 4 File information Comments

SHA256 hash:	945f8ea6c8e20eeceb0101ec0f0fc5a4bfe95918dae47441145deb66acf8781f
SHA3-384 hash:	89ad477e4a15fa7070f856c048da74850b765e4c798b3438ee413dc88dd46fc24f213b8a3a404f0e4413b8e52dfe42f6
SHA1 hash:	7e27d6dd3038ac3e0e90ee175e97877d57178361
MD5 hash:	acf5f22023b7d5d8922be39a0a9a02c6
humanhash:	comet-iowa-burger-winter
File name:	ACF5F22023B7D5D8922BE39A0A9A02C6.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	617'472 bytes
First seen:	2021-09-02 04:01:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3808cf5755aac20ce0592be1a9bc0f0d (2 x RaccoonStealer, 1 x ArkeiStealer, 1 x DanaBot)
ssdeep	12288:dhDlOi4VgqcUQuV+epYa9+1pr36goHWUwXu7hTMMkShpLnq:n0i41P+I9+zWNVwe7aMkOc
Threatray	3'043 similar samples on MalwareBazaar
TLSH	T1ABD4E030A6A0C035F4F752F855BA93B8B43D7AB1573450CF92E516EA17346E8AC3139B
dhash icon	aae8e8e8aa66a499 (1 x RaccoonStealer, 1 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://45.142.215.144/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://45.142.215.144/	https://threatfox.abuse.ch/ioc/204183/

Intelligence

File Origin

# of uploads :

# of downloads :

170

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ACF5F22023B7D5D8922BE39A0A9A02C6.exe

Verdict:

Malicious activity

Analysis date:

2021-09-02 04:07:52 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/811189f4-2968-4844-a17e-d3cbf68d52e5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/184641/

Detection(s):

Win.Dropper.Generickdz-9885122-0

Win.Packed.Fragtor-9885389-0

Win.Dropper.Fragtor-9888195-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/30947022-ec17-4f89-a43b-6debb66f87ec

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/843761

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/945f8ea6c8e20eeceb0101ec0f0fc5a4bfe95918dae47441145deb66acf8781f/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-08-28 04:45:00 UTC

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=srpy5jwi4ihoz2ybahwa6d6fus76swiy3lshiqiulxvwnlhypapq._file

Verdict:

malicious

RaccoonStealer

41ce43aa875bf977ec9eb039e5853ade1af522dd0dff4f19282f6c8038ae2dff

RaccoonStealer

4e01866db5ec52866e21eac49c4135d62fe712d8b64cee07bd755a2accf0340b

RaccoonStealer

669fc993d8dd72286f58867c9b8011dd24f3236f8a1cb81258fb4bd607b5f3f8

RaccoonStealer

794d2eb60364e0f5ddc9e557cf3e33b67666ed688580c15bd858a27871b184aa

RaccoonStealer

908b275d6fc2f20e9d04e8609a9d994f7e88a429c3eb0a55d99ca1c681e17ec8

RaccoonStealer

fe5254468c8a6c7a17dc11f3e85b00db1b5b2b3c26919bdefb8d917ce35cb4d5

RaccoonStealer

+ 3'033 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:b3c793f8a4942f1e6338c484c47293ab93fbd4a0 stealer

Link:

https://tria.ge/reports/210902-341arhn8ke/

Behaviour

Raccoon

Raccoon Stealer Payload

Unpacked files

SH256 hash:

33ae9a501ff150fe95a6cd8b0829b5866769b4c8166af8c8aafbdab84c1f03c8

MD5 hash:

96ff1744a5a69ee9c778cdb8f6d8a953

SHA1 hash:

59ba6cfe96699b9984b7b27c6b4c6d4a08c86549

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/4b32d0dc-b877-4ab6-85b7-87a386139fbe/

SH256 hash:

945f8ea6c8e20eeceb0101ec0f0fc5a4bfe95918dae47441145deb66acf8781f

MD5 hash:

acf5f22023b7d5d8922be39a0a9a02c6

SHA1 hash:

7e27d6dd3038ac3e0e90ee175e97877d57178361

Link:

https://www.unpac.me/results/4b32d0dc-b877-4ab6-85b7-87a386139fbe/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/945f8ea6c8e2/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/945f8ea6c8e20eeceb0101ec0f0fc5a4bfe95918dae47441145deb66acf8781f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/184641/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample