MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf97fab7ccc6d55f68b6563e8c68541f4b8db1cbcb841dce67663d9e4d7938b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf97fab7ccc6d55f68b6563e8c68541f4b8db1cbcb841dce67663d9e4d7938b1
SHA3-384 hash: b30f82a5db9cef343ff053ae7115179ec332ad6efdef41dceccf912a4fe9440cd7b9e8d748ca6ab55b8ed5af21379e67
SHA1 hash: cd7a8e51b413de2343aac98971d37e6363863de4
MD5 hash: cc5c3d6512bbc0e90d670e8a61481ca1
humanhash: uncle-bluebird-cardinal-carbon
File name:cc5c3d6512bbc0e90d670e8a61481ca1.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:594'432 bytes
First seen:2020-06-30 13:35:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 69104843fd99359df270d11507bd145b (4 x RaccoonStealer)
ssdeep 12288:Q3uao0c+wRtDAfvK8UbCOY/DFoqlakWj6Rq73dkgl:8W0Ot0zCCO6oqMUqLdT
TLSH B8C41251B382E0B2F53625316525FEB106FD7AB1862511C377D83B3EAF327E06A2C649
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/17235/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf97fab7ccc6d55f68b6563e8c68541f4b8db1cbcb841dce67663d9e4d7938b1/
Threat name:
Win32.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 08:38:39 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6l7vn6my3kv62fwky7iy2cud5fy3molzocb3tthmy6z4tlzhcyq._file
Verdict:
unknown
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
ransomware stealer family:raccoon infostealer family:redline spyware discovery evasion trojan
Link:
https://tria.ge/reports/200630-avh3tsfh8x/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Delays execution with timeout.exe
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Modifies system certificate store
Checks for installed software on the system
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Raccoon log file
RedLine
Raccoon
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe bf97fab7ccc6d55f68b6563e8c68541f4b8db1cbcb841dce67663d9e4d7938b1

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/17235/
  
URLhaus
https://urlhaus.abuse.ch/url/401434/
  
Delivery method
Distributed via web download

Comments