MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 12


Intelligence 12 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0
SHA3-384 hash: 012338c0e4c73b53821df8703e2ba1bb84371384ba2866db96efd46a15b3288f6d3cd2b09deea55fa336c594a9408d16
SHA1 hash: a2c506c3ed3c18048f2d7f5dea7d9f16ed46a29b
MD5 hash: 78f185f09c5e814104fbf049904a6971
humanhash: saturn-october-vegan-nineteen
File name:78f185f09c5e814104fbf049904a6971.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:580'608 bytes
First seen:2021-11-13 19:21:43 UTC
Last seen:2021-11-13 20:35:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ed1b1d17b38d0dd027b889df8df37758 (10 x RaccoonStealer, 4 x Smoke Loader)
ssdeep 6144:9tXBDcN61uDxBjEozZMbmObo3qKgG80KC0wWahDw2lrZyrmy93kgqv4Qqn:ZwkpgM7oDKC0KU2lrZyrmy9Uv4
Threatray 4'135 similar samples on MalwareBazaar
TLSH T1BDC4D100A7E1C035F5B326F949B592A9A53FBD91AB3490CF62D42AFE56346E0EC30753
File icon (PE):PE icon
dhash icon e0e8e8e8aa66a499 (32 x RaccoonStealer, 23 x RedLineStealer, 14 x ArkeiStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer


Avatar
abuse_ch
RaccoonStealer C2:
http://185.163.47.175/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://185.163.47.175/ https://threatfox.abuse.ch/ioc/247972/

Intelligence

File Origin
# of uploads :
2
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/205513/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.31482.27794.5792.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending an HTTP GET request
Sending an HTTP POST request
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619010743edf00a722d26c61/reports/3a06ec60-54a5-4da7-b394-9819bfc3cdcd/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1b82a23b-4e0c-48e7-86be-36c19cc27931
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/888617
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2021-11-13 19:29:12 UTC
AV detection:
26 of 27 (96.30%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=veq7lh7oxsnoukdiotupjgo3zp5p4hh64jcoitwh3qvughi3hhia._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
28f5fb04e33ee8f3257b1a2c6f4ade3f281b0d474eea4bdde2abe622a1b11994
RaccoonStealer
3e820217037e312b739d6514547da6a7afd3d9e3b92dc90e6c30c35808fb5214
RaccoonStealer
67a5471d59ca74d55eda2a899d27e0c650b4bd66747461f1bdda634dc96d0c18
RaccoonStealer
c8333dc7f76585733cb3616ce951b3002189779daaaf6f1dbd5a4701adfbfa63
RaccoonStealer
ce231785f06d7c6b33b20dded67b62f759ec23b23bee89b01fcb00953f7028c9
RaccoonStealer
e26fe6535f9ec57538d49515fdf98b1a925fa26dd28040a96a5bc1c94a691975
RaccoonStealer
fe3d7939166e8e6ae965d66d98f6ee5583e535b575ba194aef038c6c1ea15ae4
RaccoonStealer
+ 4'125 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
Link:
https://tria.ge/reports/211113-x2891sfde7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
2a2ba5b248dd91c2587a65fc631c9c0420a51e482868ff122589e504cde85359
MD5 hash:
067d2c6243d0f98ae656fe05c70ff7a5
SHA1 hash:
15dce4243edcd70e7e62f5dbe5de927aeaa5e59e
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/4d8270c1-f274-4d47-9a30-62600c5ecdc7/
Parent samples :
09a00301556acb4de926b4416267d9de24fe6378b6a9e82132179a87d6e6bdde
fdd4f5811b2ddef82ef643bbad923e615838947ecd447a4ad08b13f675b05c40
0166d0fc5da4d3c12c8955d1cebe10f366cd0a0674f2a5d403e2cfc40804209e
4bed5412c52ed11f549d5c6d703ca56de574a4af942fb81efa46b54b94d35a03
b34e8aa6bc42993186969f1477590c585d6eee163fde696854cb4e462fbbb7a8
8f34321cad9e1f7e2d41ea9ca04699aef59ba9c768ecef60ce2bf54bf13826bd
3479b7419ece3f4c774cb55e73e7d538b8e8271d9d5cccbd3fc48266874a3ce5
86b870116bb099e653d83b6c9aaf742e77f65c0677dfa71908377b9300a6507d
d0366bbec7419a0ba11bceade615b2bfb23a568e6cb0b7c33a903e4f679c03fa
92cde3e38c7522bc1c3e01ebeaa60b5fd37f7766ca5064d571afa933312b460b
8378882572dab3574e094ea453aebae67493ecace0196d87fb2a6ad29282b5b0
3bf5e3b569ce7b7c421c15e8f1ed09740f71a9897e98702e648b9a3eab9ecb7a
a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0
d5151ae2398b510107975a3744e0a4321d53d09eca55c9f64aeaca226d5fcce7
749543031579c39e1ee8621db7979aaa5a9bd7b22c05486a55b8b91e537bbf54
6f391d149f103ec2e7eb5af33aa119d7977caa80a815d388044d50abc0607a72
9598ecb2f430ae57baec3e652df255e48ab6fbc4cb680f567a5ba3832cae7e56
30a2b243996af346243dacf92e14caf4fc7d2fefaabdc900797f4d5c700be730
354928b0eda9cd85f543b70deb29a9cd3973244304ede6477c25e64ce2d85ad0
840613e133118f0d8c21ff1b6df7b7cf1245664f88447fdd716a79305e9aeaaa
8dee7c9f5e45b520324d40a399ce69972385c7d2423068c4496ad7df03fdb977
bd6bb975db60f223e5169901b94cb4a087e76422f799890fba9049b3b9b80fc3
036084777111f92e772c3f0e3375b7a671953536f5526c4850264f8b723e337a
65ebd52ba08105df32e2427168357d33c7deca9feed6d78540fa38aafc8e8277
6712966fb71efdd915b841784b4291038c230ce956ec0f3cc21b8010aa2b5097
1abda6533abb0bc7d91351e49a8033d50748f82c58b2ee7e5c249432a60cd4d3
9308d06fec62ea75d5d1a5a86114ee2b326c543f9338ea5216ef88fb31af241a
17f034d82769b0c4477038efab7264cf527325f9988f5da5765e7556c7b512da
5523638949848b383861e23b4d54caa09d1c7e047fb2293bd3938416339d5b59
879b3d8f4e4f90f19da28a6ff8b46fac43c972a2b4b268a708966650b9148b7f
088408d4521923335a966f44b2cb47e1303db2fd804b9e2df4404919d535dc11
92ceb8a100237ef5f832fa20c890adbb4795094dd0d04404643fc054d93ca75d
ed3468785dcb7ebfaa55ce7b8af4fffbc0e3cb1ef53dea99f96cefb6457c3c3a
36b9f1cd3c80826ab3b0ee34a8778ec6fda5143fc8df96297ba586c2e09164e5
7b299721449e841ed6e5c241c4e686cc3c1f0554ce8427a5c9fa986be99e6298
dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1
c7f7b5f94ea4d9afb32067a16f0c5de0beaa2d16cbb8dea032e9cf0b3059e1f4
aac731bb54c6d39f286068cf0b5c59189c5d21d1c95fd8c2f7b5c53e6d29564c
a5f90b635d81e3f1274395da89cffa873593dff99b4eb1826849ab088edebfb7
32788bd3c4dbc325754fef4cf6242f38210e7db4b39a69c5f742cf9675244013
d8a1b8221fdf02c5363f9f86852818ad5c8f3471d29fdc686547f09dda04ef62
d5417bd4f17d95f5c1f8d49d9af9d9e56efd4aecf50e1914ca357f3fe97d74be
37c36451adf39bbe14c487781050ba809ff5d830289ebe3a79e26a279fa060e7
affd2c7f421e34ca07b479d486b97d3401c3223584b427272635fde19a2c5f21
2b074cacb004b725fd8f681741a3a19c642bb5bd3ef7c8c7a5c838c3fd1e7165
c94cb969f64eae727b1ad3b39d37216a64ec2361a8adcf3e55609b060d3e0cce
2f0f18541bb5925ced2ec3c73b792e42cc635f14aafc25b045a012df9096dc32
ebce5c08413f5c4047126e7af5ab5f5025be812b60ec7240560e2869f7286d67
d8ed0ddbe32fee0bf5d9036e9e0d8b2d5c5ed2dee4ee1efc8c4d3983c6ee7310
SH256 hash:
a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0
MD5 hash:
78f185f09c5e814104fbf049904a6971
SHA1 hash:
a2c506c3ed3c18048f2d7f5dea7d9f16ed46a29b
Link:
https://www.unpac.me/results/4d8270c1-f274-4d47-9a30-62600c5ecdc7/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/a921f59feebc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe a921f59feebc9aea286874e8f499dbcbfafe1cfee244e44ec7dc2b431d1b39d0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1738451/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/205513/

Comments