MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd0f4b38b5f2edfdaf836e9d4642488de3fe04f3e855826408cbc31f1bda138a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: bd0f4b38b5f2edfdaf836e9d4642488de3fe04f3e855826408cbc31f1bda138a
SHA3-384 hash: 153d30efad8d6fbaddc8d5f9301d07bfb623e28c4156799dc4d502696355ce62014f0a058f7d098e637ca890c721c00a
SHA1 hash: 6ed7c3b84dea43bc9e3fe3dd89348444ea78b35d
MD5 hash: bb94d6c2ce08dca2ea471ae37e9a6d1a
humanhash: music-california-pluto-five
File name: bb94d6c2ce08dca2ea471ae37e9a6d1a.exe
Signature RaccoonStealer
File size: 525'312 bytes
First seen: 2022-03-22 19:00:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 9b5dd8ae6c49e5fbd407dc1f346434cc (4 x RaccoonStealer, 2 x RedLineStealer, 2 x Stop)
ssdeep 6144:uxVLXDdxYDferZ5wfa7yAO7CiwBlkVx99yagDweIEu3l+R/eAJ7Kw1:uxpXDd2AIaOwlO9cbD/0l+RxBK
Threatray 6'458 similar samples on MalwareBazaar
TLSH T144B412303B91C033D85A2074356EC7B0512D787316A6CC5B37A95BAD2E797C2A2B7B4B
dhash icon 5c599a3ce0c3c850 (43 x Stop, 37 x RedLineStealer, 36 x Smoke Loader)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 181
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Sending a custom TCP request
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Ransomware.StopCrypt
Status: Malicious
First seen: 2022-03-22 19:01:17 UTC
File Type: PE (Exe)
Extracted files: 8
AV detection: 20 of 26 (76.92%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:4b8853263bfbfde368561fd97dd96c93b6b91e4f stealer
Behaviour
Raccoon
Unpacked files
SHA256 hash: a35a7bc0683a747b96e34d35346f6357dfcec7fa883a7f3d9c1270a44119400a
MD5 hash: 6f82e26086f750bd745a35601efa6451
SHA1 hash: 404efb41831c48d76bc92e8763a51e4055f4b9ae
Detections: win_raccoon_auto
Parent samples :
SHA256 hash: bd0f4b38b5f2edfdaf836e9d4642488de3fe04f3e855826408cbc31f1bda138a
MD5 hash: bb94d6c2ce08dca2ea471ae37e9a6d1a
SHA1 hash: 6ed7c3b84dea43bc9e3fe3dd89348444ea78b35d
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe bd0f4b38b5f2edfdaf836e9d4642488de3fe04f3e855826408cbc31f1bda138a

(this sample)

  
Delivery method
Distributed via web download

Comments