MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 3 File information Comments

SHA256 hash:	bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11
SHA3-384 hash:	3f950a051ff36e4c1a70ac7e486c15526fcf9ca6824c5b217e8a877a2bf6e30bcbdf91375fe2c4e36f859e1c2965fda5
SHA1 hash:	6c1cb2cb48d77ec4bb4e500f0fa7ab873d35e063
MD5 hash:	8f79110737dc06d512478b5f7d8d5c2b
humanhash:	bluebird-football-fruit-utah
File name:	8f79110737dc06d512478b5f7d8d5c2b.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	511'488 bytes
First seen:	2021-11-16 13:26:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fcc31388ff76a8fbedc4d2b97cd892f2 (7 x RaccoonStealer, 1 x RedLineStealer)
ssdeep	12288:I/OuY1bV/kZDe1s948wKz6M0ZH2J30j9qb79:I/OTbVsZUs94580B3I
Threatray	4'249 similar samples on MalwareBazaar
TLSH	T1AFB4F1C4B6E19C7AD0653E309D76EBA0023BF862E530540AB774E72F1EB23D04A76356
File icon (PE):
dhash icon	fcfcb4d4d4d4d8c0 (70 x RedLineStealer, 59 x RaccoonStealer, 24 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

111

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/206443/

Detection(s):

Win.Packed.Generic-9908949-0

Win.Dropper.Fragtor-9909325-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP GET request

Sending a UDP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6193b1a943e8f62b66955d76/reports/b19873bb-6825-4451-86f2-9bdc86c3c77a/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2a98df05-e41a-41ae-8057-f8e13bfa9f04

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2021-11-15 19:36:33 UTC

AV detection:

33 of 44 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=x5iddrq6hh457m3z5oqddan7yw64mnjhyjkyqj47zhrgqtsgfqiq._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

6712966fb71efdd915b841784b4291038c230ce956ec0f3cc21b8010aa2b5097

RaccoonStealer

8dee7c9f5e45b520324d40a399ce69972385c7d2423068c4496ad7df03fdb977

RaccoonStealer

cfe0285c92fd3ba73b574809c128333d493a354b509aafbf9d05402f8f82fc93

RaccoonStealer

d09f1f4d1e5cf1ea2c2ffcf037bb2af20315e592f5c7f6d8692c1b60c2713927

RaccoonStealer

+ 4'239 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:ddf183af4241e3172885cf1b2c4c1fb4ee03d05a stealer

Link:

https://tria.ge/reports/211116-qp34xadhf9/

Behaviour

Raccoon

Unpacked files

SH256 hash:

4fd3fb38a76d5ed85d5638f74edc572ff86503ca28e6d68d6e13a5e4e54d8209

MD5 hash:

3ae7bfb6478c0bcd2c0e2f54b97f7ea0

SHA1 hash:

2cff331a8dcddb34d7e30a078ffa772c6c2ef4be

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/a1045dc4-c02b-4990-9a4c-0862b6de9716/

Parent samples :

db4ec306ea32c01cb486566c699b9b88013beb26c2830319785bf5a4ee4735b5
bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11
fa30571b12211c46fc47639a9d4df6fdeacc8ea6ecffd0a3022f82ffe43d50b1
f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d

SH256 hash:

bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11

MD5 hash:

8f79110737dc06d512478b5f7d8d5c2b

SHA1 hash:

6c1cb2cb48d77ec4bb4e500f0fa7ab873d35e063

Link:

https://www.unpac.me/results/a1045dc4-c02b-4990-9a4c-0862b6de9716/

Malware family:

Raccoon v1.7.2

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/bf5031c61e39/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Raccoon stealer payload

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/206443/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample