MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6
SHA3-384 hash: 12f8238a6bc3756e2c9efb0b8d048a1ae1487d7e80803baba02d563e2016590b47d6bd0617ebf8d6c7b1b3127e4177b6
SHA1 hash: 0a8794c6d3ba581a989facd172fd7ea5fc63ab6b
MD5 hash: b2723ef8f4671f64d0ffe21f8cbe7ff4
humanhash: quebec-papa-magnesium-fillet
File name:b2723ef8f4671f64d0ffe21f8cbe7ff4.exe
Download: download sample
File size:2'337'280 bytes
First seen:2023-05-10 08:00:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a6d485bb19e9d448f0a341f89d451edb
ssdeep 49152:xINdv++XQL+mc0PaahW3HeZ0dwkoKiytRIl7BpMWcAihUd3TXA2k5ybfW:u8+hIaRHeJTWRIlHMgihC3c3
Threatray 5 similar samples on MalwareBazaar
TLSH T155B5338768A32724D8916C72D405F2C8DF07F0CB65AEB6DCDD86FA941E349E1AF0416A
TrID 52.7% (.EXE) UPX compressed Win32 Executable (27066/9/6)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
4.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon 70f0b269c4d4a200
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
https://www.youtube.com/watch?v=N6dRna8EPec&ab_channel=REDHORNS
Verdict:
Malicious activity
Analysis date:
2023-05-10 06:53:08 UTC
Tags:
raccoon recordbreaker trojan loader stealer
Link:
https://app.any.run/tasks/bf44368a-5ad2-4586-8b29-1ba00b53cf61

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/388074/
Detection(s):
SecuriteInfo.com.Gen.Variant.Jaik.147613.30372.26654.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/645b4f496f254f9636e3d861/reports/c8cd6b15-553f-4262-a133-eab163069a94/overview
Verdict:
Malicious
Labled as:
Jaik.Generic
Link:
https://www.hybrid-analysis.com/sample/aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ccb4a2f2-345c-4c80-b21f-bd6e8eac8a5c
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1229840
Signature
Contain functionality to detect virtual machines
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates autostart registry keys with suspicious names
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sample uses string decryption to hide its real strings
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6/
Threat name:
Win32.Spyware.Raccoonstealer
Create hunting rule
Status:
Suspicious
First seen:
2023-05-10 01:05:23 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
15 of 37 (40.54%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v36dgyirjlhcbunxcr6ntqoymw2wbflxphuus3uvayqz7z53qo3a._file
Verdict:
malicious
Similar samples:
1c875025eabdeac271d6f11b1167af63efde48ffa237cf97c78181b3ef82dd84
3a2bf257d6c6ecb246abd6e50163f126ea4683ffaca7d20fbd861ddfa3dfe0a5
a7cddaab26425d654855f225afae2271c57fb051352a9754c968b57b5fd6579c
e76168fd1bc089ab3adefa66f9a7410ecf47cbc2fe1e259bf49609dbcc0a1d6e
ebef1def6571bd1b556fa6467a818fc7c9143caad2524a91fcc891b251c8ea01
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence upx
Link:
https://tria.ge/reports/230510-jwkgtagg81/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
UPX packed file
Unpacked files
SH256 hash:
8b45a5d497b95a5b8716cdb47cb252e59fa13a36466b01f0714f306e267a144a
MD5 hash:
5b1886a6dd9f37a646fbabe5dfb702c5
SHA1 hash:
a38943ac23f6c7346d0a153163e2fb5c7691edae
Link:
https://www.unpac.me/results/0610994a-1d45-47af-892d-dc73c9171493/
SH256 hash:
aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6
MD5 hash:
b2723ef8f4671f64d0ffe21f8cbe7ff4
SHA1 hash:
0a8794c6d3ba581a989facd172fd7ea5fc63ab6b
Link:
https://www.unpac.me/results/0610994a-1d45-47af-892d-dc73c9171493/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2580611/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/388074/

Comments