MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d63046caaf9f654391a4e8b40acf3b743e7e6d96dfd1bec8e1b84f9f406c1ff1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 10



SHA256 hash: d63046caaf9f654391a4e8b40acf3b743e7e6d96dfd1bec8e1b84f9f406c1ff1
SHA3-384 hash: 9e16c4485c6a568e0dc16a24d7b74aac1cf940745f8077cd03ec2614e57e997af6526f2559d460356c6d11fb20a87f04
SHA1 hash: c5396e82539f642ffd19a794370b8b4b8ea9ac98
MD5 hash: d81c50ae0867cfa6459ea29f3a01797a
humanhash: london-twenty-seventeen-football
File name: d81c50ae0867cfa6459ea29f3a01797a.exe
Signature: RaccoonStealer
File size: 547'328 bytes
First seen: 2021-08-02 06:00:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 3cdea9fa065b5ffb20003adb7f4144ae (4 x RaccoonStealer, 2 x Stop, 1 x DanaBot)
ssdeep 12288:cBPjnoRyRkP9uZf0YbHQRW4UIsh1R5YN2:+7oTAp0YbwW1RGN
Threatray 1'403 similar samples on MalwareBazaar
TLSH T1F8C40122FD52E072C855853008A2DBB06369A8225665860777581B3F7FF32D367B6E3E
dhash icon 4839b2b0e8c38890 (105 x RaccoonStealer, 38 x Smoke Loader, 33 x RedLineStealer)
Reporter abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 541
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d81c50ae0867cfa6459ea29f3a01797a.exe
Verdict: Suspicious activity
Analysis date: 2021-08-02 06:03:05 UTC
Tags: installer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Verdict:
Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Hynamer
Status: Malicious
First seen: 2021-08-01 23:33:46 UTC
AV detection: 22 of 46 (47.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash:
e696a5bfc4817d925fa50ff00340b5a900a38b4037e89d3991efd31864764783
MD5 hash:
9ff86ca2c0e9a55fa15bd5ea9cfe05d0
SHA1 hash:
4f0c50fc30474c5d4a922c08bb318c9858fe5420
Detections:
win_raccoon_auto
SHA256 hash:
d63046caaf9f654391a4e8b40acf3b743e7e6d96dfd1bec8e1b84f9f406c1ff1
MD5 hash:
d81c50ae0867cfa6459ea29f3a01797a
SHA1 hash:
c5396e82539f642ffd19a794370b8b4b8ea9ac98
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe d63046caaf9f654391a4e8b40acf3b743e7e6d96dfd1bec8e1b84f9f406c1ff1

(this sample)

  
Delivery method
Distributed via web download
