MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf9588ac6d9e1e69dad6298a0e1fa89c4930afdb5d522493f3bc56a5dbebd1d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: cf9588ac6d9e1e69dad6298a0e1fa89c4930afdb5d522493f3bc56a5dbebd1d1
SHA3-384 hash: b12106f5a7d78a66b43b1a577059dd82fb0bdacaee372e8b59f23165d80588514b0592efb4d76c4d57ef285ef9409796
SHA1 hash: 98a3f62e391e397a183348f6967b5b16b3d7bfb0
MD5 hash: cf16775ae7412187781d1962ff728f3c
humanhash: wyoming-mike-quebec-mirror
File name: cf16775ae7412187781d1962ff728f3c.exe
Signature: RaccoonStealer
File size: 1'540'608 bytes
First seen: 2021-09-03 02:06:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2a645568dd051b660052e7c94260bd20 (1 x RaccoonStealer)
ssdeep: 12288:2RMcCsg2srAQ5RlQMCgnulYgjmrkkmrw:2isgLsQ5Rl5CdFjIm
Threatray: 2'782 similar samples on MalwareBazaar
TLSH: T15065E0113683C472E4922575D861C2F85F7ABC7189659D4F6AC93F7E3F306D2AB2830A
dhash icon: a29ecabc86a6ba86 (2 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


Comment from abuse_ch:
RaccoonStealer C2:
http://5.181.156.221/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                     ThreatFox Reference
http://5.181.156.221/   https://threatfox.abuse.ch/ioc/213378/
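The hashes and the C2 address above are only useful once they are matched against something. The following Python script is an added example, not part of the MalwareBazaar entry or of abuse.ch tooling: it checks a file's hashes against the entry (including the unpacked payload hash reported by the sandbox below) and hunts the C2 host in proxy logs by comparing the parsed hostname rather than a substring. The proxy log format and the log lines are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hashes of the submitted sample, copied from the entry above.
SAMPLE_HASHES = {
    "md5": "cf16775ae7412187781d1962ff728f3c",
    "sha1": "98a3f62e391e397a183348f6967b5b16b3d7bfb0",
    "sha256": "cf9588ac6d9e1e69dad6298a0e1fa89c4930afdb5d522493f3bc56a5dbebd1d1",
}
# SHA256 of the unpacked Raccoon payload listed under "Unpacked files".
UNPACKED_SHA256 = "a2cb965c4dbb8754068b8b637317f6fbda32c6c3926e6c6f81f1f4bb8eaf0395"
KNOWN_SHA256 = {SAMPLE_HASHES["sha256"], UNPACKED_SHA256}

# C2 IOC from the entry (ThreatFox ioc/213378).
C2_URL = "http://5.181.156.221/"
C2_HOST = urlsplit(C2_URL).hostname  # "5.181.156.221"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, the form the entry uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_hits(observed: dict) -> list:
    """Return the hash types under which an observed file matches the entry.

    Keys and hex digits are normalised to lower case first: EDR and
    mail-gateway exports often emit "SHA256" and upper-case hex, and a
    naive string compare would miss those.
    """
    hits = []
    for name, value in observed.items():
        key = name.lower()
        if key in SAMPLE_HASHES and value.strip().lower() == SAMPLE_HASHES[key]:
            hits.append(key)
    return sorted(hits)


def is_known_payload(data: bytes) -> bool:
    """True if the bytes are the submitted sample or its unpacked payload."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


@dataclass
class C2Hit:
    timestamp: str
    client: str
    method: str
    url: str


def hunt_proxy_log(lines) -> list:
    """Flag proxy requests whose destination host is the C2 host.

    The hostname is parsed out of the URL and compared for equality, not
    searched as a substring, so "5.181.156.2210" or a look-alike domain that
    embeds the IP does not fire, while a different port or path still does.
    Assumed log format (constructed for this example):
        <timestamp> <client-ip> <method> <url> <status> <bytes>
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the hunt
        timestamp, client, method, url = fields[:4]
        if urlsplit(url).hostname == C2_HOST:
            hits.append(C2Hit(timestamp, client, method, url))
    return hits


# Constructed log lines for the demonstration; not real traffic. The POST to
# the C2 root mirrors the "Sending an HTTP POST request" sandbox behaviour.
SAMPLE_LOG = [
    "2021-09-03T02:10:11Z 10.0.0.15 POST http://5.181.156.221/ 200 1540",
    "2021-09-03T02:10:12Z 10.0.0.15 GET http://5.181.156.221:8080/ 200 123",
    "2021-09-03T02:11:00Z 10.0.0.22 GET http://5.181.156.2210/ 200 77",
    "2021-09-03T02:12:00Z 10.0.0.30 GET http://example.com/ 200 400",
    "garbage",
]

if __name__ == "__main__":
    for hit in hunt_proxy_log(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} {hit.method} {hit.url}")
```

Only the two requests from 10.0.0.15 are reported; the host "5.181.156.2210" is rejected because the comparison is on the parsed hostname, and the request to port 8080 is still caught because the IOC is the host, not the exact URL string.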

Intelligence


File Origin
# of uploads: 1
# of downloads: 151
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: cf16775ae7412187781d1962ff728f3c.exe
Verdict: Malicious activity
Analysis date: 2021-09-03 02:08:02 UTC
Tags: trojan stealer raccoon
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour:
  Connection attempt to an infection source
  Connection attempt
  Sending an HTTP POST request
  Launching the default Windows debugger (dwwin.exe)
  Sending a UDP request
  Query of malicious DNS domain
  Sending a TCP request to an infection source

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 92 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  C2 URLs / IPs found in malware configuration
  Contains functionality to steal Internet Explorer form passwords
  Found malware configuration
  Machine Learning detection for sample
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file
  Yara detected Raccoon Stealer

Threat name: Win32.Trojan.MintTitirez
Status: Malicious
First seen: 2021-09-01 06:41:07 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:48f173f191a42f0a06d44a1d5262eb98e1d6778c stealer
Behaviour:
  Modifies system certificate store
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Program crash
  Raccoon
  Raccoon Stealer Payload
  Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files:
  SHA256 hash: a2cb965c4dbb8754068b8b637317f6fbda32c6c3926e6c6f81f1f4bb8eaf0395
  MD5 hash: e44eed650714cdc2f312224c157aed86
  SHA1 hash: b961b7e26eb7607ef43f04ea3425ab4c4818833b
  Detections: win_raccoon_auto

  SHA256 hash: cf9588ac6d9e1e69dad6298a0e1fa89c4930afdb5d522493f3bc56a5dbebd1d1
  MD5 hash: cf16775ae7412187781d1962ff728f3c
  SHA1 hash: 98a3f62e391e397a183348f6967b5b16b3d7bfb0

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments