MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af
SHA3-384 hash: a9068a5174d145d06b9c7456f207fddacd06bc05724ab1e6a81235ac5fc4c1b134f7c09c23417a2bac2e9a302cba18de
SHA1 hash: 9fb2745944a6a323196e76063d030ce40979a404
MD5 hash: b716ef0649230524ec8117ad8ea7b909
humanhash: river-orange-sad-mississippi
File name: b716ef0649230524ec8117ad8ea7b909.exe
Signature RaccoonStealer
File size: 434'176 bytes
First seen: 2021-11-03 19:22:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash adc309f4258aa7e488ca350060834acf (2 x RaccoonStealer, 2 x RedLineStealer, 1 x ArkeiStealer)
ssdeep 6144:eOIJUZoK2geI8BwbXs/V1zbUuXD2HAkZCGeX9OeNxZAsMIOeu0lx7rjySZC:e7yZP2ggei1fUw2HdZefxWvx0l1jFZ
TLSH T1C394021572A3D432D9E35974487BC6B11B7BB863213C514F33A13B2F7F60A808A5A76E
dhash icon 480c1c5c4f594904 (10 x Smoke Loader, 2 x CoinMiner, 2 x ArkeiStealer)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence


File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b716ef0649230524ec8117ad8ea7b909.exe
Verdict:
Malicious activity
Analysis date:
2021-11-03 19:33:42 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Verdict:
Malicious
Result
Threat name:
Raccoon
Detection:
malicious
Classification:
troj
Score:
88 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found detection on Joe Sandbox Cloud Basic with higher score
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.MintTitirez
Status:
Malicious
First seen:
2021-11-03 11:40:31 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Result
Malware family:
raccoon
Score:
  10/10
Tags:
family:raccoon botnet:68e2d75238f7c69859792d206401b6bde2b2515c stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash:
35af3628c195c79bdd6a9e6b76b1c0cb5021035f248a8ed5f249f29b98ec15ff
MD5 hash:
fc4210b8d69615b449407f5aa1401b8b
SHA1 hash:
bbccbb86817dc3b30df63f466a203c1ceb07f738
Detections:
win_raccoon_auto
Parent samples:
SHA256 hash:
be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af
MD5 hash:
b716ef0649230524ec8117ad8ea7b909
SHA1 hash:
9fb2745944a6a323196e76063d030ce40979a404
Malware family:
Raccoon v1.7.2
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af

(this sample)

  
Delivery method
Distributed via web download
