MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c86254ee0b13eeb211c13108305a55ad6c64f6a0c71e5a859b92c2ccda363425. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c86254ee0b13eeb211c13108305a55ad6c64f6a0c71e5a859b92c2ccda363425
SHA3-384 hash: b9227a18474cafb3854f12fe8d1848e922168a092fa285656be64a96fb09a12d2f2a6113f8a7e08784b16c2006c6267b
SHA1 hash: e9f351be0d2a66d7cff0bbfbea5bf8e8d0d39eb5
MD5 hash: 9ced6fab210d118d7b6bdc290e111e4d
humanhash: glucose-lithium-hamper-wyoming
File name:HNR0EJHG1BXUSRBAPZHAEBAIIJAMF2.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:3'927'416 bytes
First seen:2022-11-27 03:08:50 UTC
Last seen:2022-11-27 04:27:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c469220599e772ba4cc1ab5aa02a12bd (1 x RaccoonStealer)
ssdeep 98304:tOia3MlLick4jtNAIbrAfbXJLxq1BiQvE5PvrYR34uhtY:tOL3Ei74PvbrArJdNkGd
Threatray 1'340 similar samples on MalwareBazaar
TLSH T16706233712591150D5EDC535C837FED4B2F666BA8E81C8BEA4E6F9C227324E5E202B03
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter tcains1
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
200
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
HNR0EJHG1BXUSRBAPZHAEBAIIJAMF2.exe
Verdict:
Malicious activity
Analysis date:
2022-11-27 03:12:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/84e54d43-dac0-4959-a1e5-2e6a47370107

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/338924/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.12482.15995.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Enabling autorun by creating a file
Verdict:
Unknown
Threat level:
n/a  -.1/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/6382d4d1090ea3f04934a488/reports/74313627-ea3e-4d44-86da-aa9eddc89886/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1af122ba-52a2-497e-8dbd-30b87e59b726
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1121787
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Sigma detected: Schedule system process
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c86254ee0b13eeb211c13108305a55ad6c64f6a0c71e5a859b92c2ccda363425/
Threat name:
Win32.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2022-11-27 03:09:28 UTC
File Type:
PE (Exe)
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zbrfj3qlcpxleeobgeedawsvvvwgj5vay4pfvbm3slbmzwrwgqsq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
3570f64dd06f8496b8cab7886c22034651cac26003c6d6d0e7d86bf245c8919e
RaccoonStealer
46878cf16c919445a9e5ada3ff03ca3465c03323a3e8b31c2de38eae1c9259e4
RaccoonStealer
4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229
RaccoonStealer
5ba1c02ffb3a71afd89974b5452b53f65744ec88728c72b66b94d5e915856e78
RaccoonStealer
7a2d18d2dcaaae50afb1f0aeca3d2aacb172471ec1fa11877c8bb731586ba711
RaccoonStealer
973294652225d5fa7ed66a39c2c0b1ef2b518169f1300ca0109c61cde55d35f1
RaccoonStealer
d3cfc436366c9d127c7a6233f6531cf6e5863153b41ba4ab6f8fe87f473c8c9d
RaccoonStealer
f4a57ad535ec4b0c7c1b3fbd9a116e451a392ee3f1e5e8b7a5ee0b05141208cc
RaccoonStealer
+ 1'330 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221127-dnf7jaef58/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/08906243-0832-4a0b-af6e-58796f52bf99
Unpacked files
SH256 hash:
20ce58056ae0499685e9def9bf335de1ec8c478c27d142a09bdb1805716e4843
MD5 hash:
dbe06f2ffdf331487e6f31d97487a4e6
SHA1 hash:
a0819903ea651b14e4203b9d5385f085fe4406fb
Link:
https://www.unpac.me/results/eb93a67a-e241-45c8-af60-099f61f9a897/
SH256 hash:
c86254ee0b13eeb211c13108305a55ad6c64f6a0c71e5a859b92c2ccda363425
MD5 hash:
9ced6fab210d118d7b6bdc290e111e4d
SHA1 hash:
e9f351be0d2a66d7cff0bbfbea5bf8e8d0d39eb5
Link:
https://www.unpac.me/results/eb93a67a-e241-45c8-af60-099f61f9a897/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c86254ee0b13eeb211c13108305a55ad6c64f6a0c71e5a859b92c2ccda363425

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/338924/
  
URLhaus
https://urlhaus.abuse.ch/url/2434520/

Comments