MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b47f74419de5db79da95d6d39d6e7e0da43a2bb2dc5770a0ee3715bcb2d76299. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: b47f74419de5db79da95d6d39d6e7e0da43a2bb2dc5770a0ee3715bcb2d76299
SHA3-384 hash: beed4ebc9751b0d69783acc3623bd9b5925384f841a17f31a0ad1bed073c4286a1d73fc9df759fcdefc594a5c6e77cb5
SHA1 hash: e920ca841d6c2ea3f7a5d15b7ac49e9e1d3442cd
MD5 hash: 08a433dcb4d318008eb98a700a267f43
humanhash: ceiling-skylark-helium-video
File name: 08a433dcb4d318008eb98a700a267f43.exe
Signature: RaccoonStealer
File size: 593'920 bytes
First seen: 2020-06-30 05:23:51 UTC
Last seen: 2020-06-30 05:48:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 69104843fd99359df270d11507bd145b (4 x RaccoonStealer)
ssdeep: 12288:yWuaoc9sircA+6KQIuOKkpfiUmE/Lx3bh2AlE85ZDGQ4bIiQi/1CKyg68DZB:fWKsSVIsAaUmEdVJB5cQxBideg6K
Threatray: 174 similar samples on MalwareBazaar
TLSH: 4BC412017B42E033D5377434B911F57299AE79720A24748337992B3EAFB29D19E2EF06
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://35.223.217.188/gate/log.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-29 23:55:33 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: ransomware spyware stealer family:raccoon evasion trojan discovery
Behaviour
Suspicious use of WriteProcessMemory
Checks processor information in registry
Delays execution with timeout.exe
Legitimate hosting services abused for malware hosting/C2
Checks for installed software on the system
Modifies system certificate store
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Raccoon log file
Raccoon
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe b47f74419de5db79da95d6d39d6e7e0da43a2bb2dc5770a0ee3715bcb2d76299 (this sample)

Delivery method: Distributed via web download
