MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b27943da09b070cdf931f219984746e3c275ebf7985560feabb597d1d2bb6c6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs 1 YARA File information Comments

SHA256 hash:	b27943da09b070cdf931f219984746e3c275ebf7985560feabb597d1d2bb6c6f
SHA3-384 hash:	7d4456d690e42de172d0f82d95048cab2544ddcfee82a72b24b5fee7bca69b98a0ecf666576b4f6c3d6ccf51927869d4
SHA1 hash:	a0ca9bc4336c829bd3de85e2d92a2598a938b580
MD5 hash:	a5431c8b5f858e14edbc94be92012d58
humanhash:	green-happy-wisconsin-delta
File name:	a5431c8b5f858e14edbc94be92012d58.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	449'536 bytes
First seen:	2021-12-05 00:31:03 UTC
Last seen:	2021-12-05 03:08:44 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9d24ccac58ecf11e70c100743c701d44 (2 x RedLineStealer, 2 x Amadey, 2 x RaccoonStealer)
ssdeep	12288:MB6s6YziF2CLwjS29GZ6h76Bh3YPUYdFtyXWNCtfsZl:06e42CKb9Y6IBUUkMmC0
Threatray	4'391 similar samples on MalwareBazaar
TLSH	T176A4020039D7C875D6AB163038B5C7A1697B3D362A31054A37A8267D7EF21C3AEE5B43
File icon (PE):
dhash icon	fcfc94d4d4d4d8c0 (24 x RaccoonStealer, 21 x RedLineStealer, 9 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://194.180.174.40/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://194.180.174.40/	https://threatfox.abuse.ch/ioc/259462/

Intelligence

File Origin

# of uploads :

# of downloads :

288

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

a5431c8b5f858e14edbc94be92012d58.exe

Verdict:

Suspicious activity

Analysis date:

2021-12-05 00:34:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/cecc518f-334a-408e-af06-d87ff60b137e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/211388/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Stealer.31482.17391.13921.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request

DNS request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

coinminer exploit glupteba lockbit packed

Link:

https://www.filescan.io/uploads/61ac085c4d8e6f3a5e10bbf3/reports/da66ef51-051f-4c96-9e47-526ccce7fc9f/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/cedf0e0e-e234-4e81-999a-8f9e0b479d25

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/901540

Signature

Contains functionality to steal Internet Explorer form passwords

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Gathering data

Threat name:

Win32.Trojan.LokiBot

Status:

Malicious

First seen:

2021-12-02 19:42:49 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wj4uhwqjwbym36jr6imzqr2g4pbhl27xtbkwb7vlwwl5duv3nrxq._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

11279dd30364bb6b1761a53ba65af146aabd3ce15074a500b8e21e3b733891d0

RaccoonStealer

3721a848b1944daae68ab118cb9bd748b6864b154c6714a1b49349883b456fc8

RaccoonStealer

58177414ce7cded267953804df02097df17d2ca711c175bc9a1d9c0681cc3093

RaccoonStealer

7be418280356c7dc0384328a50904f3cee364185aa7f99e127e511461cd6db5c

RaccoonStealer

c8333dc7f76585733cb3616ce951b3002189779daaaf6f1dbd5a4701adfbfa63

RaccoonStealer

cab23f63a0cd63cd22fab73efb4c31044c7cb72617a1154a7c47bfa867196c57

RaccoonStealer

d895d7793b22c9d6fc66a55e71ad757362b22a21992524ef5683f016ddf684b7

RaccoonStealer

+ 4'381 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211205-at9jgsbhal/

Unpacked files

SH256 hash:

08d7cf69dd3b668c65b820dafd571f9cc168dd46eeb0f18830ef3c3c1ce4703f

MD5 hash:

19bdbf4f6907dc60077bfc1628162ae4

SHA1 hash:

a488722db9cc96f98fee1cb2af8656d9c2417799

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/ab3d018f-c865-4dd7-a04b-7f808bf7fa5b/

Parent samples :

aa3aa63b275a536306afe03d1c38c242186fd46f6d554b3b24fd60484a2f4a27
b27943da09b070cdf931f219984746e3c275ebf7985560feabb597d1d2bb6c6f

SH256 hash:

b27943da09b070cdf931f219984746e3c275ebf7985560feabb597d1d2bb6c6f

MD5 hash:

a5431c8b5f858e14edbc94be92012d58

SHA1 hash:

a0ca9bc4336c829bd3de85e2d92a2598a938b580

Link:

https://www.unpac.me/results/ab3d018f-c865-4dd7-a04b-7f808bf7fa5b/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/b27943da09b0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b27943da09b070cdf931f219984746e3c275ebf7985560feabb597d1d2bb6c6f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/211388/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample