MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3461cf008e62a6616de0037fd35c54a4d3165a89431dcdb1d431669ca81fa3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 14



SHA256 hash: c3461cf008e62a6616de0037fd35c54a4d3165a89431dcdb1d431669ca81fa3d
SHA3-384 hash: 79d642849b49304998bdeace3305b5d33940e06cdd73d3586ab6b663f196989de00a7234769cd76f997813a49f98c48b
SHA1 hash: 120ea9845521f310c3ddc77417cda6aa62839aa7
MD5 hash: 23b012be89b2da9c579f5d36a86ade9b
humanhash: snake-red-beer-pasta
File name: 23b012be89b2da9c579f5d36a86ade9b.exe
Signature: RaccoonStealer
File size: 607'232 bytes
First seen: 2021-10-18 11:16:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b4cda15a674ef12000829b9be50880b2 (2 x RedLineStealer, 2 x Smoke Loader, 1 x Loki)
ssdeep: 12288:Ta8vUz8dG6qU7bnM0WUCu0pH1Ga68h+Mk5grfbwh4o+BGFQj:TFUzmWU7bXI1GaP+Ywh4og
Threatray: 3'838 similar samples on MalwareBazaar
TLSH: T1D6D4C000A651C038F7B252F489BA9669A52E7FE0672460EB53D51AED8734EF0FD3131B
dhash icon: 5012b0e068696c46 (8 x RaccoonStealer, 8 x RedLineStealer, 6 x Smoke Loader)
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj
Score: 76 / 100
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Threat name: Win32.Trojan.Ulise
Status: Malicious
First seen: 2021-10-18 11:17:10 UTC
AV detection: 27 of 45 (60.00%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:723d14b565e8f39294f31f86b0ce56cdaee75105 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: c3461cf008e62a6616de0037fd35c54a4d3165a89431dcdb1d431669ca81fa3d
MD5 hash: 23b012be89b2da9c579f5d36a86ade9b
SHA1 hash: 120ea9845521f310c3ddc77417cda6aa62839aa7
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe c3461cf008e62a6616de0037fd35c54a4d3165a89431dcdb1d431669ca81fa3d

(this sample)

  
Delivery method: Distributed via web download

Comments