MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279
SHA3-384 hash: 82840a9ddb4c86c1bdc03673eb53482f6bb996fd7396bc5ade97949042572421b99d550c0de5aabb6adf045852dd7f8a
SHA1 hash: 1bac02c18a6f4b6c19cd6f312d39bfbc596a4413
MD5 hash: 788b1193c1e4a09903258e199f701801
humanhash: magazine-north-timing-magazine
File name:l1342_Inv.xll
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:564'736 bytes
First seen:2022-02-24 17:17:21 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:8n/zDvGHAykH8vLW/4+8bzbBSreMdsBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqj:OzbGHAzHKjX17BY4ZyrE7K3yl8PeVoo0
Threatray 60 similar samples on MalwareBazaar
TLSH T146C47E57F7DBF6B0E6BE867A86F1851C52B774620260A78F664072886D23382453DF0F
Reporter cyberswat4
Tags:RaccoonStealer xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-9939833-0
Create hunting rule

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed packed
Link:
https://www.filescan.io/uploads/6217bdcfa6f52d32f1830024/reports/f039b98e-e6d2-47d1-8371-856ed7a20804/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-02-24 16:57:35 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wp3k7mdz2xjfx2r2aq6qgmer2wqkr7pdtheqbjrtppc6dxlf2j4q._file
Verdict:
unknown
Similar samples:
0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae
RaccoonStealer
12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
RaccoonStealer
983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93
RaccoonStealer
9b682330445e8eb6445cc43968e21ae3ffe1b9d8c3ae5210c9a8d12416315d5d
RaccoonStealer
aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c
RaccoonStealer
ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0
RaccoonStealer
bf3529c3d7d27a23db406da1cae1ab04e4b0c5b14de4aa69d5bb11166e1e5c1f
RaccoonStealer
d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb
RaccoonStealer
e230c4b82bc8c591ef3c4c5bccb49baffd3f04230eab9342afa5216ab6fa5d5f
RaccoonStealer
+ 50 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:d689e9bf6a41804bae1c152de503d1e8f14f7c86 stealer suricata
Link:
https://tria.ge/reports/220224-vt958sefer/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
Raccoon
suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RaccoonStealer

Excel file xll b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments