MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs 2 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82
SHA3-384 hash: 1fa581b0562de4bd3ed351d3c9b55b8559261b57c296deb53317d7b43ee153a9d134ecaffa9f27f20793c7b5f1ac350f
SHA1 hash: abb3d10ef1c3e9bacb09c5e8370c10bd672d6706
MD5 hash: 5fb915dee9e5da7bfa4b4d833bfefb9e
humanhash: orange-lemon-purple-vegan
File name:5FB915DEE9E5DA7BFA4B4D833BFEFB9E.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'074'176 bytes
First seen:2021-06-20 21:05:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c3d2ce9c0756d959c7aa1c81b93d3a0 (2 x RaccoonStealer)
ssdeep 24576:HscqzDohX1lerJEvajg6tX0nubt2ANw4bSw+LArvILX:H4YhQJECYubV9+LArvw
TLSH 7135D067A2C1D437D2B32E348CBB52A898357BCC3D15988A5AD83F089F367513B7215B
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.105.169.29/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://34.105.169.29/ https://threatfox.abuse.ch/ioc/137379/
185.157.162.75:443 https://threatfox.abuse.ch/ioc/137817/

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5FB915DEE9E5DA7BFA4B4D833BFEFB9E.exe
Verdict:
Malicious activity
Analysis date:
2021-06-20 21:08:05 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/d6077cec-128a-42e6-b957-98ddc15a161f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b04a2940-2cf3-4264-a3fd-9bad38630a77
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/804984
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82/
Threat name:
Win32.Trojan.Bunitucrypt
Create hunting rule
Status:
Malicious
First seen:
2021-06-17 17:45:14 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t7s5hcr6vlg56dh37tn3bwcmqom2keehfnjwcbrybb7u3fktvsba._file
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:e769a3b57d823e6577700a58ab4a4a547b9f01be discovery spyware stealer
Link:
https://tria.ge/reports/210620-wf4vrxmzg2/
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
758b0fcad0950b63607f06609bc9ffd7953206111f04adfbf40bfc1c0b5ed2c0
MD5 hash:
dfd72cf998be69be0418701a0dee0272
SHA1 hash:
16ec42de83a698415daa33b47a5363fb289a4f6f
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/8f7d9ce9-7ede-4a1b-a8f6-97d473b4a77a/
Parent samples :
9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82
c39778737ab289b8253a0c33f9fb9a0fd23492d2a0679d1759180b93ce110899
758b0fcad0950b63607f06609bc9ffd7953206111f04adfbf40bfc1c0b5ed2c0
SH256 hash:
9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82
MD5 hash:
5fb915dee9e5da7bfa4b4d833bfefb9e
SHA1 hash:
abb3d10ef1c3e9bacb09c5e8370c10bd672d6706
Link:
https://www.unpac.me/results/8f7d9ce9-7ede-4a1b-a8f6-97d473b4a77a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9fe5d38a3eaacddf0cfbfcdbb0d84c8399a510872b53610638087f4d9553ac82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments