MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d00b481be4fa65ceba3125d6741e76792fd98fe4ed427dd498afda550c1927d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 12



SHA256 hash: d00b481be4fa65ceba3125d6741e76792fd98fe4ed427dd498afda550c1927d1
SHA3-384 hash: 1e64bc62f8bef7dd23703a4c0d1bd3751f0f9bdf23628e22090d6b1599ed4a7da2fe215d70d78ee62bcb5f8cf98f89a7
SHA1 hash: 563412c8a2cdb68549565cff6ad7492384d5d832
MD5 hash: bf2401d1c7f0bd4105bbd968536915cc
humanhash: eleven-butter-nine-hawaii
File name: FullInstall.exe
Signature: RaccoonStealer
File size: 443'904 bytes
First seen: 2021-09-23 13:29:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e0383fee3aa7c9c4dbf3a05a98d01075 (4 x RaccoonStealer, 3 x RedLineStealer, 2 x CoinMiner)
ssdeep: 12288:y+diCeyg3IZS2VrZzaDBBpFTlqADLDDtUwg6OF:d59PoBXFTl5bgR
Threatray: 3'195 similar samples on MalwareBazaar
TLSH: T1709401E236B0C031D7F39A319938F7945A7B7572AB72958E37881B6C2F711D09A26307
dhash icon: 1072c093b0381906 (22 x RedLineStealer, 22 x RaccoonStealer, 20 x Stop)
Reporter: Anonymous
Tags: exe, RaccoonStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a

Vendor Threat Intelligence
Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100

Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer

Behaviour
Threat name: Win32.Trojan.Racealer
Status: Malicious
First seen: 2021-09-23 13:30:09 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:eeb7fa0213d8654d115aa51e13b01bc804e1dde5 stealer

Behaviour
Raccoon

Unpacked files
SHA256 hash: 91d6e3875115ffb0e7a84c8741fdcbc0babf828ac14bcbf3484852a4a8bc5475
MD5 hash: 0326c24f34f04b2549082eecfdd068a4
SHA1 hash: d971bd93ace2243b7860e7c604aa3f934a81d406
Detections: win_raccoon_auto

SHA256 hash: d00b481be4fa65ceba3125d6741e76792fd98fe4ed427dd498afda550c1927d1
MD5 hash: bf2401d1c7f0bd4105bbd968536915cc
SHA1 hash: 563412c8a2cdb68549565cff6ad7492384d5d832
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments