MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a
SHA3-384 hash: c17e5881b87be65e2b9f5879f70dbec4f592e22364f562a5a236125c235f2442989ab6bcbe7df9bfb1671dd95977336d
SHA1 hash: d8e8a400990af811810f5a7aea23f27e3b099aad
MD5 hash: 23a1ebcc1aa065546e0628bed9c6b621
humanhash: dakota-pasta-edward-mike
File name:23a1ebcc1aa065546e0628bed9c6b621
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'769'632 bytes
First seen:2021-12-09 08:29:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a89ad4308c6b073c29d7b4d307af96d5 (1 x RaccoonStealer)
ssdeep 24576:e6XIDc1uxIVMU63UgdPBHYN/kjSxPr+5jdF1NGlD5+MjDuoISJUe3jeuwwywfOaX:eoIg18sG3UqP2NplF1+6uo/JP2S/YBm
Threatray 3'225 similar samples on MalwareBazaar
TLSH T1A58523F11839E325C935B2B7F498F0BFA69D4C22DB84C8A6BFB62D5818F13815D96C50
File icon (PE):PE icon
dhash icon d4228240a1a6c8d1 (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
168
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
23a1ebcc1aa065546e0628bed9c6b621
Verdict:
No threats detected
Analysis date:
2021-12-09 19:21:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/751dd698-cbef-439d-8c78-71a4284a9ee6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/212738/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47600255.21647.30883.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1406/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/61b1be8ffa72c81b5b131c98/reports/3efc5059-79ce-44ec-ad61-61d9a012bf16/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4c7c58f4-2e1a-4546-bb17-66431b201e28
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/904453
Signature
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-12-07 18:18:28 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
22 of 45 (48.89%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
146de084ff60046edb599a6f8ae1503aa2a7f39c550807e9af069c2e8c9ea34c
RaccoonStealer
2d02f6088d94bc1176408e49f1f91f36008eac6bb8f25170b7024e8a60394805
RaccoonStealer
3ea20ab6ac71f7252d2f3c4ccac94303b30ab139b812c66b69da08d6969dbe87
RaccoonStealer
46ac20a6cb7d8111b8ca8e96d5c377833f3d7c663d48912c17584c7f5d3ca12e
RaccoonStealer
646b7c888c54221556f191a77f9b3fc4a0c577d6dce5c32aba5c784cb1053f2c
RaccoonStealer
a8e0baca3d4bf1fb178b979886b8e992b21b37d42a346e12811898cc6cf3cf1a
RaccoonStealer
f75bda07c2fc02d23c291e0894bdc72923fc6e0f6959e65a3922cb09ef1f1fda
RaccoonStealer
+ 3'215 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:4da27d123a577c68e42716053343dd3f8da508a2 evasion stealer trojan
Link:
https://tria.ge/reports/211209-kd6g1acddm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Raccoon
Unpacked files
SH256 hash:
b19a7c39592e7d80fb67208e9d122258cf9a8814b5de06aa59768ce50badb638
MD5 hash:
d281095a27a31f450b5a7c7153f68f99
SHA1 hash:
3a18962b24bce07151e1c46461b7b7da9ad61348
Link:
https://www.unpac.me/results/061d81be-de48-4808-b7aa-fc0028839209/
SH256 hash:
9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a
MD5 hash:
23a1ebcc1aa065546e0628bed9c6b621
SHA1 hash:
d8e8a400990af811810f5a7aea23f27e3b099aad
Link:
https://www.unpac.me/results/061d81be-de48-4808-b7aa-fc0028839209/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe 9615e9c718ebdfae25e1424363210f252003cf2bc41bffdd620647fc63cd817a

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/212738/
  
URLhaus
https://urlhaus.abuse.ch/url/1868246/

Comments


Avatar
zbet commented on 2021-12-09 08:29:33 UTC

url : hxxp://theperfumeplus.com/wp-content/plugins/soft.exe