MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee
SHA3-384 hash: f0c94f9d7c12f354f5279a411c4825efd21e8fed55d78d56c2ddc08f33dca64ff2b76abe6eb5f1f3b9fb5e8adfbe2e80
SHA1 hash: 329b871c4a69b244b559e0714fa26fb7d241b392
MD5 hash: 42bfdee70acf93f972b741475db4ca6f
humanhash: wyoming-river-nitrogen-tango
File name:42bfdee70acf93f972b741475db4ca6f
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'772'528 bytes
First seen:2022-02-03 07:30:49 UTC
Last seen:2022-02-03 10:26:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a81d875af6256c9e5c6c51eb95096d7f (1 x RaccoonStealer)
ssdeep 49152:wY1xK2sOk1ojlQU0SpIHLMankG1B3YeGOp:wY1Fo1olP0SpWLMavBjGq
Threatray 5'967 similar samples on MalwareBazaar
TLSH T1238522392371C4CFD0191AB49D21B6B819DB7D91BD67E09B71647B4E48F0BC18CA3BA1
File icon (PE):PE icon
dhash icon 9e2f77b632132f9e (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/231668/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.29637.4314.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Сreating synchronization primitives
Sending an HTTP GET request
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed
Link:
https://www.filescan.io/uploads/61fb84bca0f6a794b3363ca6/reports/2c1c7a01-5880-4542-8d36-72552ec2cdf8/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8b0e7403-a6f8-4b0b-b250-210c943ae56f
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/933799
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Hides threads from debuggers
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-02-03 07:31:13 UTC
File Type:
PE (Exe)
Extracted files:
69
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
360f2daa601a407296f2a123346526c790bc1a03f974bad4379e0c534056182e
RaccoonStealer
6c07cb1892760f9bbb19d05b784d7a544e2d62e69b7ed65450a3e58bb099d05d
RaccoonStealer
6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d
RaccoonStealer
b31474d8c16181a103a6ac36d9277eb7ac5dbb7261cfa74f82adbc8b2d06d3fa
RaccoonStealer
c33fcdf3021040ca6a3cab3a0c8276eab8b4f810687a8da405cd77b2664590f4
RaccoonStealer
c99134879d691e2bbbf506c3fcc992d1c7b4153c07e7f3952b80c92c944e5539
RaccoonStealer
e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8
RaccoonStealer
+ 5'957 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:1d78f9f6c63eda0cee41621b90faf161e3d09c63 stealer suricata
Link:
https://tria.ge/reports/220203-jcd6paeacl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Raccoon
suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
Unpacked files
SH256 hash:
53d00dda0d5875d8986643dbb15272594ceb623407f31f6e36f8f406bd9d9916
MD5 hash:
928eddb25595b3828e0918bc4bfade8e
SHA1 hash:
0e8b99f632078755992372072de1d74fd46e21ab
Link:
https://www.unpac.me/results/d155edcd-a6cd-49c8-9b8f-75a022b7178d/
SH256 hash:
c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee
MD5 hash:
42bfdee70acf93f972b741475db4ca6f
SHA1 hash:
329b871c4a69b244b559e0714fa26fb7d241b392
Link:
https://www.unpac.me/results/d155edcd-a6cd-49c8-9b8f-75a022b7178d/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/c4ffe6c2f699/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.97
Link:
https://yomi.yoroi.company/submissions/c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe c4ffe6c2f699fd77bdf6b7b7f49e3ba3691275585292eae1c600d997d6a9c0ee

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2025823/
Cape
Cape
https://www.capesandbox.com/analysis/231668/

Comments


Avatar
zbet commented on 2022-02-03 07:30:51 UTC

url : hxxp://212.193.30.45/US/soft_r300us.exe