MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a76b1ee42bf46e97b2b59192ad8ba7a53d8ec626f36c043540f0d2f4ae8c8d4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a76b1ee42bf46e97b2b59192ad8ba7a53d8ec626f36c043540f0d2f4ae8c8d4b
SHA3-384 hash: 1242c43f2918e3ecc59b07bc5f033a050de30a4a7030050f437abb83eab733c98637fedc8acf2c0f1ac36aa7dc33165e
SHA1 hash: 47be3e38091d8ebd124731a9c4d42ec0002131a6
MD5 hash: eced9e2d7f9dbc0da186a1de2f1bb50c
humanhash: bacon-cardinal-yellow-king
File name:eced9e2d7f9dbc0da186a1de2f1bb50c.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:597'504 bytes
First seen:2020-05-18 07:38:08 UTC
Last seen:2020-05-18 09:19:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 47cf1e6353be58392683f1d507f328ee (2 x RaccoonStealer)
ssdeep 12288:slkVZ38rYvDBlljCvECgigj/vXTg14Ag+P/J:IkVlD8cC5IvTg14+
Threatray 295 similar samples on MalwareBazaar
TLSH DFD412117780D033D8B786719470EA61AA37AD7327A6554F3B652F6E2E303C22EBB315
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://34.105.255.170/gate/log.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-17 23:43:06 UTC
File Type:
PE (Exe)
Extracted files:
22
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u5vr5zbl6rxjpmvvsgjk3c5huu6y5rrg6nwainka6djpjlumrvfq._file
Verdict:
unknown
Similar samples:
0335616afb9c546d9580cd2656fdad8758f4daa215c39a0c14a0fc68a5c129f0
RaccoonStealer
07bfebe8d71ba6f9d0f0b05d40648777a4200a5811a1c6000f825c6d3e8246a4
RaccoonStealer
1f41788769bed2b7fa9f0d52c257b57eaf17793d6e02d5b4aea4a4a148d72874
RaccoonStealer
43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
RaccoonStealer
4418f28281e9cb0979fceae5903c9e2ace9f8a07f4e72d7ee67bc0526d59b7cc
RaccoonStealer
52bfb01a8cb2ad9893c08a518653e33f7382c7f0419461e983af6523b67a6dcd
RaccoonStealer
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
RaccoonStealer
de7f5d23f01e6db39776b8d70262dbdba511cb42aa65a71e1e3166ab91806da9
RaccoonStealer
e6d287e8934bea3f8c237e9095cfebd7e629bb2a9624eafc0b26065e0e03485f
RaccoonStealer
fff57207bf2d6326bc580cd9788e36ec52437e472d26d49c015685525415d7ee
RaccoonStealer
+ 285 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-nz3f8y3v1j/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe a76b1ee42bf46e97b2b59192ad8ba7a53d8ec626f36c043540f0d2f4ae8c8d4b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/363091/
  
Delivery method
Distributed via web download

Comments