MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd
SHA3-384 hash: 9a205f03effefe6ca58178d5896279bf7af5ba8c35c78141731a505c7b52cfc33d5c3e5cb9c7936f927aae1ecb31c8ee
SHA1 hash: da6b22245b09e1b9a62aee9e36aca4f693a83cef
MD5 hash: 4c845b57db753e12f1239525fcb4e81b
humanhash: dakota-minnesota-sad-lemon
File name:4c845b57db753e12f1239525fcb4e81b.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:150'528 bytes
First seen:2022-12-23 04:18:20 UTC
Last seen:2022-12-23 07:28:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 48fd27bcf24480ac6949776f6c53083c (1 x RaccoonStealer, 1 x RedLineStealer)
ssdeep 3072:6P0i+UD+nJQQ5auAGFui3Swp9T4zZuN/zla/0:6P0inKnJD5RD9pZP/zl
Threatray 169 similar samples on MalwareBazaar
TLSH T150E38D2F6F8415B2E541FAB38C2A80B1F1BE56F127184879BB5E782DF6314CA5239713
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
3
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4c845b57db753e12f1239525fcb4e81b.exe
Verdict:
No threats detected
Analysis date:
2022-12-23 04:20:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2029cc72-191d-46fd-85df-8e06c81d12be

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64449300.31507.28112.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Сreating synchronization primitives
Sending an HTTP POST request
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug anti-vm packed
Link:
https://www.filescan.io/uploads/63a52c382bb979c1eee4e184/reports/6c196563-1563-4db5-9e3e-7f5802d3c870/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dd0bdb9b-cb2d-480b-9d38-6a3684f3d07a
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1139852
Signature
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
DLL side loading technique detected
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-12-22 14:48:36 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7umd6o4zo3jstajlchqj3cox6g3fkzqwpfbu6krxbduowyoc3oq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
0cca5a92d41a8ea26a8e4051cf62f6a7ab157461006f34bb139684c365dfc6f9
RaccoonStealer
93cb7dd5d6bfd3d1d2d14b2f9bc1dbc57666343bfd42f289525e0999987c2d7e
RaccoonStealer
aa4185102f68d05e1dc41d46e7b65cfb4a12e1f8694b7300264a6044a51f6931
RaccoonStealer
b8a0a0d472bfa63a3a41fb6a321a73874460a4e25971959c64450d1da3aacc91
RaccoonStealer
cf1fc3ceacce58e1348ab0335a3b01ccbd0a7b4eb7ee33589eb2f5998d915340
RaccoonStealer
d3ebf5179cfeee390848119eac91057385b6746835b80093f47637cb83895b42
RaccoonStealer
d8f770f30f9183c128d62fd61e50b2a65d2afbcbbb68d8804803b220d81ef053
RaccoonStealer
f0aaf7ed92def94883ce317c950802e8779a7807b807d3efcc922116e8cad652
RaccoonStealer
+ 159 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/221223-exhx6aah9y/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
852b157c10660c496e2def8aa5f459867b64f9c97f2ffe4166397c505bc5438a
MD5 hash:
7b166fe793cfe3ab89efc1135988bb67
SHA1 hash:
2195e94b9b37afff7e05f2d739fb5a237694c5be
Link:
https://www.unpac.me/results/bc9b0619-64a7-456e-9f6b-a20c8d4f90d7/
SH256 hash:
c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd
MD5 hash:
4c845b57db753e12f1239525fcb4e81b
SHA1 hash:
da6b22245b09e1b9a62aee9e36aca4f693a83cef
Link:
https://www.unpac.me/results/bc9b0619-64a7-456e-9f6b-a20c8d4f90d7/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c7e8c1f9dccb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2482423/
  
Delivery method
Distributed via web download

Comments