MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94e6fa0bac302f238824b37ed63197a7ec24079ef8a5a546c27c59107d101ad1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA 4 File information Comments

SHA256 hash:	94e6fa0bac302f238824b37ed63197a7ec24079ef8a5a546c27c59107d101ad1
SHA3-384 hash:	e29712519d13a529ed416b44c6fd82dff9241eb7f83eba609cb4541021c573c61f395b734c0d1616bdd82fceb151d111
SHA1 hash:	13a4a5d959c7754308c93e1f0fddd316479183f4
MD5 hash:	b0798cb9cac65ad39c92ece692dde238
humanhash:	beer-queen-violet-fruit
File name:	B0798CB9CAC65AD39C92ECE692DDE238.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	596'480 bytes
First seen:	2021-08-24 17:22:30 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	db159470f30e320b201abae61c9eb25c (4 x RaccoonStealer)
ssdeep	12288:NFyw7zKAdhwmtM36cYtpNDjKCYMy00MpZVakSvb:NFywj7CjBMLVakSv
Threatray	2'293 similar samples on MalwareBazaar
TLSH	T179C4E030AAA0C039F4B752F846BAD3BDB42D7AA0673451CB52D625EE47346E9DC3074B
dhash icon	ead8a89cc6e68ee0 (43 x RaccoonStealer, 31 x RedLineStealer, 20 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://185.234.247.35/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://185.234.247.35/	https://threatfox.abuse.ch/ioc/193640/

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

B0798CB9CAC65AD39C92ECE692DDE238.exe

Verdict:

Malicious activity

Analysis date:

2021-08-24 17:24:24 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/58451bac-fa6e-4540-9b4a-7a8c5c2bd7fc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/181977/

Detection(s):

Win.Malware.Generic-9883106-0

Win.Malware.Generic-9883172-0

Win.Malware.Filerepmalware-9883174-0

Win.Malware.Generic-9883189-0

Win.Malware.Generic-9883190-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/44406957-e6c3-40d0-8d2c-e310e0f25463

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/838477

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/94e6fa0bac302f238824b37ed63197a7ec24079ef8a5a546c27c59107d101ad1/

Threat name:

Win32.Ransomware.Stop

Status:

Malicious

First seen:

2021-08-19 04:11:00 UTC

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sttpuc5mgaxshcbewn7nmmmxu7wcib467cs2krwcprmra7iqdliq._file

Verdict:

malicious

RaccoonStealer

1b8a0ec3d3a8adeba4c71d3c5290da0b519966059a68d526a066c6f6d45214cd

RaccoonStealer

586d4807fdaf4d060a7449c9b8ac1c692b9562fff037bb769feadc3ad048cb85

RaccoonStealer

7a86973ed34a221bccbf4de185eed4600df18093f2b5fa7c7eaf7b7cee19a2e7

RaccoonStealer

b48cf1854b8ff73a0bb9d4e54b5811ea3ac7a5d3e0c6c57f8825a4de396f36cc

RaccoonStealer

c3cb419c2c74276267a476c49fbda1b8e7700cbf03de07e4bf46523b095bbe2e

RaccoonStealer

d4af0c3cc5fb2391aa0746e5b6d35fccc4141f1e63e10e9a908d250c6ae75ebf

RaccoonStealer

ecfdae094a54934410a15735998ff611d5b5a6bffc93d969c6a1acc3735cd73c

RaccoonStealer

eec717d51d1ff0b030d06044f4377bff362c75e4fc7b89dad08c3410d71fba5d

RaccoonStealer

+ 2'283 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:a1bad3fb2c2f9a96e865a0fa1f6911f1d6665468 stealer

Link:

https://tria.ge/reports/210824-lae3kqhdzx/

Behaviour

Modifies system certificate store

Raccoon

Raccoon Stealer Payload

Unpacked files

SH256 hash:

743a89929540812874f82cc665fd3678d45d37faf1fea05ad4295047ed032cdd

MD5 hash:

7210e19d6680c37d7b8076c9ced514fa

SHA1 hash:

232a48424f3c0ab40311a6bb676f2f9c8c1aa95c

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/4d805bc6-e8bd-4865-b51a-ab11c6b74102/

SH256 hash:

94e6fa0bac302f238824b37ed63197a7ec24079ef8a5a546c27c59107d101ad1

MD5 hash:

b0798cb9cac65ad39c92ece692dde238

SHA1 hash:

13a4a5d959c7754308c93e1f0fddd316479183f4

Link:

https://www.unpac.me/results/4d805bc6-e8bd-4865-b51a-ab11c6b74102/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/94e6fa0bac302f238824b37ed63197a7ec24079ef8a5a546c27c59107d101ad1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/181977/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample