MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af0a3834638be40e679b27b8fe35a494906e3ef293e4ac5b16ceb1d198939d09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	af0a3834638be40e679b27b8fe35a494906e3ef293e4ac5b16ceb1d198939d09
SHA3-384 hash:	a0afa0dfa9b19b8807122cf3a121b9f19b6a55e82186a4ac8aebb4c99b2dee8d032e01a1b1bc1f4c2de0703c318ffb18
SHA1 hash:	07c3f0220250bfdfb473a30ad03671f275428581
MD5 hash:	68695d9263dcd342c039bf462b62ad98
humanhash:	papa-neptune-potato-coffee
File name:	68695d9263dcd342c039bf462b62ad98.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	696'320 bytes
First seen:	2020-06-05 13:48:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	333cd8221e5bdefee3c7ac9cd0fb328a (1 x RaccoonStealer, 1 x DanaBot, 1 x BuerLoader)
ssdeep	12288:8oTjOwajyEStpSnjNweBV36HScjPsJfPKk:FrayESDKqmV36bgti
Threatray	411 similar samples on MalwareBazaar
TLSH	05E41218BA82C43AC155B0339926C2A1C63F7F7E6A65067372D06AEFAC317E0A51574B
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://35.228.95.80/gate/log.php

Unknown payload URL:
http://cloud-server-updater28.co.za/doc/officeupdate.exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

74

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Malware.PDB-11.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2020-06-05 04:20:00 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=v4fdqnddrpsa4z43e64p4nnessig4pxsspskywywz2y5dgettueq._file

Verdict:

malicious

Similar samples:

041a38bb8033ba158dc7728a19844811f459500c800835b0e2609501253c9470

5f3e83b3aa82ef8adbf82f9971372b78015470ca185e77a367fc8f1a4963ea64

69924d712b640b6d7bbf056dfb46d5c1ef7be90861391f9ec64564617545e61f

70ec5843a563be04290314f543ed0369a822a71ee353008cda4a82346e341ff9

8092f7adff425c2972f2716e2d31fedb1057c692eb8f0d4ca65d1a97537932a7

838e751256c2c80b0ea3299a6c9410033a4ae8eeb15fa5dc913a5e2d2b041c5a

983d5da5a77bd35296ad8569ec9eeeb0b7984f9deadf4d7b65842275da53ca72

a61d49a1253008d99edb3454be53014f5aca06bd41bd70b77ad2266a3579fcbe

ae3ff9a6dba15d80bb39bfe3cac65cf0ffd3745b7cc5a3880465f727747a5804

f8bd31f514d66552ce6512c5d48ea422a990b6e0d0d4251ccd25370048718c48

+ 401 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-r3mfxx4hnj/

Behaviour

Modifies system certificate store

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe af0a3834638be40e679b27b8fe35a494906e3ef293e4ac5b16ceb1d198939d09

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/363091/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/364175/

URLhaus

https://urlhaus.abuse.ch/url/379547/

URLhaus

https://urlhaus.abuse.ch/url/365304/

URLhaus

https://urlhaus.abuse.ch/url/365947/

URLhaus

https://urlhaus.abuse.ch/url/372685/

URLhaus

https://urlhaus.abuse.ch/url/372369/

URLhaus

https://urlhaus.abuse.ch/url/372242/

URLhaus

https://urlhaus.abuse.ch/url/372238/

URLhaus

https://urlhaus.abuse.ch/url/372239/

URLhaus

https://urlhaus.abuse.ch/url/372244/

URLhaus

https://urlhaus.abuse.ch/url/372103/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample