MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7097d8faff9c2e6cec6799d715727ff40a14cddee4abd0377286d6adbb63fdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 9



SHA256 hash: a7097d8faff9c2e6cec6799d715727ff40a14cddee4abd0377286d6adbb63fdd
SHA3-384 hash: 9eeeb8245d80170db22dc1e5ea95154ca2e429cd43361a3981ef32c2e23b1b30136f624fc400614c13b9f8fc5a9ebce2
SHA1 hash: f0a417e72ad32ab06b44ef9f5f14369f76eba9f2
MD5 hash: 226397991361d4e8b2edffb52931af94
humanhash: cup-batman-jig-sweet
File name: 226397991361d4e8b2edffb52931af94.exe
Signature: RaccoonStealer
File size: 1'410'280 bytes
First seen: 2021-09-09 15:50:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 34e5fe6fb5f5380bef6d2b2739841a17 (2 x RaccoonStealer, 1 x DanaBot, 1 x ArkeiStealer)
ssdeep: 24576:drdO1cGixvcjfY8G7bRbpd41VyiZTZAaMSyRda2oWZzfyzZ2TVcs:MimLY8G7bRbpd4nNTZAal0a8zfy8T1
Threatray: 168 similar samples on MalwareBazaar
TLSH: T1936512306E9CE025E5B615F0467AC3B96A297FB1772041CB63C56ADEE674BD08C30B4B
dhash icon: 9824e790c4e72158 (31 x RedLineStealer, 18 x Smoke Loader, 16 x ArkeiStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 226397991361d4e8b2edffb52931af94.exe
Verdict: Suspicious activity
Analysis date: 2021-09-09 15:53:39 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Reading critical registry keys
Sending a UDP request
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Sabsik
Status: Malicious
First seen: 2021-09-09 15:51:11 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Unpacked files
SHA256 hash: 91d812e325f532993824647f8f4c63723f9e944767225aeda3672904563cb362
MD5 hash: 363dc0d4e7cd6ad13fe56c94ad65ee00
SHA1 hash: e7afa73dba5602886af54a874430fc808b654c5a
SHA256 hash: a7097d8faff9c2e6cec6799d715727ff40a14cddee4abd0377286d6adbb63fdd
MD5 hash: 226397991361d4e8b2edffb52931af94
SHA1 hash: f0a417e72ad32ab06b44ef9f5f14369f76eba9f2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe a7097d8faff9c2e6cec6799d715727ff40a14cddee4abd0377286d6adbb63fdd

(this sample)

  
Delivery method
Distributed via web download
