MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 15


Intelligence 15 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425
SHA3-384 hash: 4a9f0c73cbfde65715993b0d01e4fd4762863f71d290a04e9a01108490c7f54bfc32919ff85b1b8222e2d9e2ea94f6c7
SHA1 hash: 6614064f629b76a3c15f3035839767d48ae7e21d
MD5 hash: d6c1945bccf38070b4bdf13a53c0471f
humanhash: north-spring-virginia-tennis
File name:d6c1945bccf38070b4bdf13a53c0471f
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:555'520 bytes
First seen:2021-12-05 07:23:27 UTC
Last seen:2021-12-05 08:35:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6762d92a3e24838e5da051dd2a6d017d (12 x RedLineStealer, 4 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep 12288:TwU2q5osatHiaoDBOiyo+snAgcQ5kTeotOszB:TN7yHvoDBO9o8Lgobz
Threatray 4'496 similar samples on MalwareBazaar
TLSH T1ECC4E11467A0C039F1B752F88D7AD364752E7DA1AB7980CF62C536EA66346E4EC3130B
File icon (PE):PE icon
dhash icon 60e8e8e8aa66a499 (24 x RaccoonStealer, 14 x RedLineStealer, 7 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d6c1945bccf38070b4bdf13a53c0471f
Verdict:
Malicious activity
Analysis date:
2021-12-05 07:25:02 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/f2e0023d-f1c3-4644-8cdb-8aee805b3566

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/211421/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.31482.1589.16531.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
DNS request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/877/overview
Behaviour
SystemUptime
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
azorult emotet exploit greyware packed ransomware
Link:
https://www.filescan.io/uploads/61ac6929fa72c81b5b0c4f39/reports/db4b53fa-0415-4fee-a97e-eca375d126d1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a6c67761-f600-4de4-972d-ef89cdd8ff9f
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/901622
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-11-23 17:15:06 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2pqs5xh4otvt2dcu7nrg3mwwdkbfkmmgkbgw7ysjxo5hskjv2qsq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
58177414ce7cded267953804df02097df17d2ca711c175bc9a1d9c0681cc3093
RaccoonStealer
bec0b668154a19902c4c39606a18bf0aaf93d52f4922e77dd15d44ddf359d20a
RaccoonStealer
c8333dc7f76585733cb3616ce951b3002189779daaaf6f1dbd5a4701adfbfa63
RaccoonStealer
cab23f63a0cd63cd22fab73efb4c31044c7cb72617a1154a7c47bfa867196c57
RaccoonStealer
d895d7793b22c9d6fc66a55e71ad757362b22a21992524ef5683f016ddf684b7
RaccoonStealer
+ 4'486 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:b78eb5a9f2070a9354e23b67827ba02d1d9e0f17 stealer
Link:
https://tria.ge/reports/211205-h8ksnsehb9/
Behaviour
Raccoon
Unpacked files
SH256 hash:
1564c3c132b4a846d89a32a1ac16460cb4e2751e5322e5a9e91b131418811277
MD5 hash:
726fff836dbd57136957155bc969937d
SHA1 hash:
dfa2ca09f3d1f2504a6cd983ae3fc3ba81dc32be
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/4fcdced9-1ce8-43bc-9a5e-e08a1232c2ce/
Parent samples :
d2667d8a4062bd3dbb04570411a184b6d4a72584f1cd11fb74a145a62c2084b6
37393e775419461d8973fc596cd174cc6ff417e07d19d95aacb02cad3f4367b1
58e55ace1e50d5da54055c0ad559e8b888255a586e363bcf08bb728f9127f318
42f71f7375ace133817bcdf3ed89a994cba9772fc7d9cb084cd78f4afb379026
e4cd6a7b62c12b5afbe9d31ffd4d538d1248e0231cd4af7e1217ce0d7b5bbec3
5826d9d6b454aeb9d4cd3a93fcc821340d6d76e8c9c537dd332cd7fe122bc8e0
d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425
SH256 hash:
d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425
MD5 hash:
d6c1945bccf38070b4bdf13a53c0471f
SHA1 hash:
6614064f629b76a3c15f3035839767d48ae7e21d
Link:
https://www.unpac.me/results/4fcdced9-1ce8-43bc-9a5e-e08a1232c2ce/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe d3e12edcfc74eb3d0c54fb626db2d61a82553186504d6fe249bbba792935d425

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1584973/
Cape
Cape
https://www.capesandbox.com/analysis/211421/
  
URLhaus
https://urlhaus.abuse.ch/url/1067835/

Comments


Avatar
zbet commented on 2021-12-05 07:23:31 UTC

url : hxxp://91.212.150.176/filename.exe