MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 9


Intelligence 9 IOCs YARA 4 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3
SHA3-384 hash: a8e9ae9ea7b718417ffa7892033aeed175f9aa9fa0537098c6dd5629a41d37520de19c51583f25294f150f63cd1616e1
SHA1 hash: b868a6c360b709054141cc1d33c438d7e9608a87
MD5 hash: a72bfb946650a4dc5f051f9aa4706a9f
humanhash: florida-may-freddie-wisconsin
File name:a72bfb946650a4dc5f051f9aa4706a9f
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:422'400 bytes
First seen:2021-07-13 23:11:39 UTC
Last seen:2021-07-13 23:35:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f6f5597c6f744a1192b9bce74a542278 (1 x RaccoonStealer)
ssdeep 6144:YMJelBbABn1pmqWUvrju4ZB8fXYmCOD/fcv9o44SQO3UCVyHSdK:ol+1lWUTiorOTcv9JQO3UCOS
Threatray 1'479 similar samples on MalwareBazaar
TLSH T171940161F9A1C435D27756385938D2912F3FB8327A30C5BE7786725ECE722C0AAA5307
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a72bfb946650a4dc5f051f9aa4706a9f
Verdict:
Malicious activity
Analysis date:
2021-07-13 23:12:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/63ea9f58-077b-4260-8f29-cb7dd739a170

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171526/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37232420.20333.3038.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4f88f97d-2928-4551-8464-7fa81ca22f47
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/815928
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-13 19:53:28 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yuyvvwpq65dhyfmgrucabwhyxuqqbijqqffo3wjcv4tr3buh5wrq._file
Verdict:
malicious
Similar samples:
063d7b432fa85262f3515bbd8b51f81f3461a2e413b5782471ee5ab08fca59c0
RaccoonStealer
3d3112ce7c1a80e0378b15c7084b1b49a9805a5e47a85a97acdd7841d0a9b40b
RaccoonStealer
48543c618981b229afd8f50a0cc5581e4325d098b1fc95c3074609d31e5e86a3
RaccoonStealer
6232b30079357a00484db96ecfdb071ab91abcb68e1f79a5fb066686c2d47db4
RaccoonStealer
6c8131fc986f9477582f43530e0bdc660887285c83360c52e6b68876a57dc9b0
RaccoonStealer
757c6ccb2021bb12cb15fafcd4d748ef2d347ed4cb51076162563cbfe1ea01e0
RaccoonStealer
8726eeaad39b500f79072e8da7510e2b136bbc40c5ce31ab33e505beec1fc644
RaccoonStealer
d7b185cdc7b58c419814ecbf667db1307587b1949e8f107fd80e16af446196d4
RaccoonStealer
dbbc522719582c66077a06ac1b94fedeed360335d5762dbc78a5744d4309ce93
RaccoonStealer
fe65170a6f6cd5ba0df997262bca40350b650067db206bc83bfaf80da94bba9e
RaccoonStealer
+ 1'469 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210713-qwdpkn4e5x/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Unpacked files
SH256 hash:
66c90ae052c8ce084b624cf4534935aeeec406d9e86d2f5e738260c301c375df
MD5 hash:
f6db28b8da3436e78645d32c70d393eb
SHA1 hash:
11e42eec439e389794ed8b81be6847b6126480db
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/7dcd751e-ec6b-47bb-910d-97a58caf796c/
Parent samples :
c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3
4286fc8a5df90759f761ff7c238541af2504327c46855c81f68fb28563969975
SH256 hash:
c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3
MD5 hash:
a72bfb946650a4dc5f051f9aa4706a9f
SHA1 hash:
b868a6c360b709054141cc1d33c438d7e9608a87
Link:
https://www.unpac.me/results/7dcd751e-ec6b-47bb-910d-97a58caf796c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Detects Raccoon/Racealer infostealer
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe c5315ad9f0f7467c15868d0400d8f8bd2100a130814aedd922af271d8687eda3

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1452269/
Cape
Cape
https://www.capesandbox.com/analysis/171526/

Comments


Avatar
zbet commented on 2021-07-13 23:11:41 UTC

url : hxxp://185.215.113.79/339.exe