MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4d2e783e7cc4d889422ec448ddcaadb489cca746a534c7c26669874137f1e15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 5 File information Comments

SHA256 hash:	a4d2e783e7cc4d889422ec448ddcaadb489cca746a534c7c26669874137f1e15
SHA3-384 hash:	3ff24f946c8d565d45ec67ed70f9ed947b29c761a51cc98c76fea825c50115834694f97019780d7313dacd507d935406
SHA1 hash:	c108a911a3c75c07ddac8e76db143ba9117396e0
MD5 hash:	bd0e3041aa05db2ba9bf35c6c4f99304
humanhash:	yankee-emma-india-snake
File name:	bd0e3041aa05db2ba9bf35c6c4f99304.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	596'480 bytes
First seen:	2021-06-01 06:36:18 UTC
Last seen:	2021-06-01 08:09:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	99012338f1bbaabe225761bf7cb06050 (3 x RaccoonStealer, 2 x Stop, 1 x Smoke Loader)
ssdeep	12288:a35HaFZj1xJ5P2QW0JQCSXdb29Fq4WiR1jFds:a35ij1xICSXdnKh
Threatray	763 similar samples on MalwareBazaar
TLSH	D6C4CF007691C039F5F332F489BBA26DA56ABDB1E72440CF22D56AEE56346F0AD30717
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://193.203.203.233/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://193.203.203.233/	https://threatfox.abuse.ch/ioc/68025/

Intelligence

File Origin

# of uploads :

# of downloads :

123

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

bd0e3041aa05db2ba9bf35c6c4f99304.exe

Verdict:

Malicious activity

Analysis date:

2021-06-01 07:05:36 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/5320a386-744e-41a1-9fdf-5c612f95aef2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/163693/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.37010996.10332.26379.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Sending a UDP request

Connection attempt

Sending an HTTP POST request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/795013

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a4d2e783e7cc4d889422ec448ddcaadb489cca746a534c7c26669874137f1e15/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-05-31 19:31:19 UTC

AV detection:

15 of 45 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=utjopa7hzrgyrfbc5rci3xfk3nejzstunjjuy7bgm2mhie37dykq._file

Verdict:

malicious

RaccoonStealer

209fba0ad040546a0732332b958ca53a53f87b9253ae365f0248939213718012

RaccoonStealer

50bae6a5c3c8f45399a78f1a6b3e27b3dc88fc9e2b172ef9c80ebfd85d856d94

RaccoonStealer

663bceba78c75dd1c6c042877e08f2ec4b07a46eb93b11f2aed7e5da3b9e10f8

RaccoonStealer

d7566fb580bef6871e67702da70379e645d6bcbb60082240b17c73aaa0e92504

RaccoonStealer

dbcd0fdcba542380094cc8ef4daa0d0a866f106e08e6637105610d61651ddd0c

RaccoonStealer

e2f5be9e3d5f3f631b795f447d9852f015a019163eea443e282ec1be9733da52

RaccoonStealer

eabf5a5a3b36ea517c3b37b7cdc50356e84cb94c971949e2bcb6635fb43bed7b

RaccoonStealer

f908550bb9f5aa6c171c39230d6a7ecf869ed9619c53e629c646352fa340b249

RaccoonStealer

fb5d2b6d9ec1b9c07e64f6b9eb148099f0b43d58dc867102c02b16a9a9152022

RaccoonStealer

+ 753 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:02aadfe757a32a232081b11d497bf4755f9b35fb stealer

Link:

https://tria.ge/reports/210601-v7q1l956an/

Behaviour

Raccoon

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a4d2e783e7cc4d889422ec448ddcaadb489cca746a534c7c26669874137f1e15

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator