MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b192cdd9dbe911ad254c513a7988cd62474cda9e72514557ae4399c163bcbfcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 14



SHA256 hash: b192cdd9dbe911ad254c513a7988cd62474cda9e72514557ae4399c163bcbfcc
SHA3-384 hash: 7df63586aa72012e1f4e19469e438865e2ea2e1ca1141a3b90209bf946bc35fc590d2fb5819a73ec70e7b180800fed8c
SHA1 hash: d2b67776bf520e7d48eb140282e2dcc873cdab88
MD5 hash: cd700613a71885116acac9f17cfcab25
humanhash: river-helium-low-bluebird
File name: cd700613a71885116acac9f17cfcab25.exe
Signature: RaccoonStealer
File size: 569'856 bytes
First seen: 2021-10-19 14:28:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 496fb81a1abcadf15579376d6cec3e36 (3 x RedLineStealer, 1 x RaccoonStealer, 1 x DanaBot)
ssdeep: 12288:lCwUlTBvIF5JauvV2NrAFe1J/X0k/bq4FD:lC4agcN8WF/v
Threatray: 3'839 similar samples on MalwareBazaar
TLSH: T18EC4E000AAB0C034F5B356F45A7592ADA92E7EE16B6490CF22C926FE47746E1FC31317
dhash icon: aad8ac9cc6a68ee0 (34 x RedLineStealer, 14 x RaccoonStealer, 11 x Smoke Loader)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 216
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-10-19 00:30:52 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: aa156806223068508fe317644fb0e5396107f71b0284e301577f754e0d286122
MD5 hash: fa1486a2b835594d48c7f32ca1f15e48
SHA1 hash: fe0297a9ddda480ba4d2264592d8e7cc4b8fadd3
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: b192cdd9dbe911ad254c513a7988cd62474cda9e72514557ae4399c163bcbfcc
MD5 hash: cd700613a71885116acac9f17cfcab25
SHA1 hash: d2b67776bf520e7d48eb140282e2dcc873cdab88
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments