MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170
SHA3-384 hash:	9b55e76fa66d7d703073c4e8b1f35625ef8548241ad580616bd6b4e140b0c47692e594342a770a634bbfb1c5667075d6
SHA1 hash:	e0bb4cdbf14e832bf91a5e412ccc2827b760eaab
MD5 hash:	55da799f20ed9469858a6834bdbbb3b3
humanhash:	cup-october-moon-pluto
File name:	55da799f20ed9469858a6834bdbbb3b3.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	431'620 bytes
First seen:	2021-11-04 17:20:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5d9f5e56d1ff2d59502bc31bee028486 (1 x RaccoonStealer)
ssdeep	6144:XCUkof/AkyO2cwzJmYejJW9bRqX7Uu0XdVro+IrjnGig2rxARsc9CksgftcDN:XCUkonAkF2RVy8IXQJV8+yjGMxKQgOD
TLSH	T1E19402103271C13FE5E615B05C78DAA539B7B8636674818F77946A3E2F203C09A7AB1F
File icon (PE):
dhash icon	480c1c4c4b594b14 (8 x RedLineStealer, 5 x Smoke Loader, 2 x RaccoonStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

55da799f20ed9469858a6834bdbbb3b3.exe

Verdict:

Suspicious activity

Analysis date:

2021-11-04 17:22:20 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9cd235ec-6474-4717-b83d-c9fb997da77c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/202421/

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware overlay packed

Link:

https://www.filescan.io/uploads/618416808eec3805367e2c76/reports/48364264-4731-453e-bbab-ce03e6cb42f9/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/30491864-9e8d-4131-8eea-10e603cd19bc

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/883420

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-11-04 17:21:07 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:b3ed1d79826001317754d88a62db05820a1ecd19 stealer

Link:

https://tria.ge/reports/211104-vwzsaahbb7/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

Raccoon

Unpacked files

SH256 hash:

25a4b6c6b34adf706411f6f6b91c46de7a80728964492e6eb11f2281e9678717

MD5 hash:

2f9b640b36cbd54b3c835289cc8075cd

SHA1 hash:

9e849ddf0cbb3291065a12408bc798c7cd7686d9

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/ee6b8a5e-82ba-4722-88c1-2a61893dd158/

Parent samples :

a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170
35405fdecc554572244c745e390644ae713070f0bf81b29b9b54f6a738cb0ea5
e040228b7cce711e455d0772d77287448cf14eea496563a3474c69565cc441d3
51785594b835ee188972c80f514ce698ed1262e0628c66df1d9e1ae23d484476

SH256 hash:

a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170

MD5 hash:

55da799f20ed9469858a6834bdbbb3b3

SHA1 hash:

e0bb4cdbf14e832bf91a5e412ccc2827b760eaab

Link:

https://www.unpac.me/results/ee6b8a5e-82ba-4722-88c1-2a61893dd158/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/a972fe56cf0c/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe a972fe56cf0c891775ab81e23a90e553956c06623350fc91d4e7cdce3dfd3170

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1738451/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/202421/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample