MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 5 File information Comments

SHA256 hash:	d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a
SHA3-384 hash:	9be8c4dc19bb139369e1105ac3975154f61ff0e9b54b5295891b419c82b698722323ec9b81c1a28a0ac8087ea7874774
SHA1 hash:	5497326a292333b223bf4a45bc3368a15a2ca022
MD5 hash:	98157da0c7419fc47d7868df32467700
humanhash:	table-magazine-stream-maine
File name:	Main-Setup.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	482'816 bytes
First seen:	2021-07-05 08:45:31 UTC
Last seen:	2021-07-05 09:35:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0760b4351aea3a041b7d697c921cb850 (3 x DarkVNC, 2 x RaccoonStealer, 1 x ArkeiStealer)
ssdeep	12288:bLM8zeyBxlx1oEUcIdI1PHw+4ycE0KLuE:bLM8zeyBJyEUX4Q+4ynaE
Threatray	899 similar samples on MalwareBazaar
TLSH	5CA41252B290C432C7A215B47E2DC662BE7C78F152B6C547B7660AFD1EA03C35A73326
Reporter	CholeVallabh
Tags:	exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

149

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Main-Setup.exe

Verdict:

No threats detected

Analysis date:

2021-07-05 08:46:02 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/86a74bc6-712c-4a6a-b169-c38dea245811

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/169708/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.76236.28011.4531.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/dce75d92-e9cb-4596-b7b4-9af0661c1340

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/811778

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a/

Threat name:

Win32.Infostealer.Racealer

Status:

Malicious

First seen:

2021-07-04 07:46:48 UTC

AV detection:

18 of 46 (39.13%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=22oxxpwxkfs3kcxixypj2ox5m5jnjkqz3gc26e5ycnhysoeqdzna._file

Verdict:

malicious

RaccoonStealer

0a1d59d149d3b9ae44b37d35d468c4bdd18e3d5d137883dd88daadbd7d9aadb6

RaccoonStealer

3bbc9dc239950316f60ce159afff3e7d7d1ea57c0feb1288a699da981662b9d5

RaccoonStealer

3d528b742ada6b08740dd5413b53471fadd61ca065332bd768904603bd640fa6

RaccoonStealer

416ddafb2fba28c5f294206ad42058367e174dda0126978b0ab2dbe461922dee

RaccoonStealer

a8229a577b8a00a67c7ab25850a9f3c6b57bb036b3e0492b5194cad32a68c0ff

RaccoonStealer

cce575279d97d312432613cd32f727355ee7a0784cfb880c653fe1e1df48f80e

RaccoonStealer

ceba9a4f5114832826e13dcb75d9018eabef56b6b95131cc46bc34d23d846b76

RaccoonStealer

d64cd9ad47506c335d792b8e5a07de1a321a8690f9594d3d0b3a88bcf344d3f3

RaccoonStealer

f3fc2abd99598a304f3b1ba415493fa8cc6ad7057444a10e46ea5c72ea9571a2

RaccoonStealer

+ 889 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210705-e8sb918xla/

Behaviour

Modifies system certificate store

Unpacked files

SH256 hash:

43a804b6325edb78f72e14a39313a9e18ae5e1f07f5e57b830d30b048e84616a

MD5 hash:

e8ef88e32e94cdd311ad3217870dd677

SHA1 hash:

663e829715e6ddb7b9fada1a53a997e93746b6f5

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/12b67fbb-d863-4566-8b7b-d442dee9e956/

Parent samples :

d73091cdaa94599269cac0340ee1bc463581cd01639995af12fbd7e8ac18ce13
d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a
17ed7923fd51a37a4511508b3f54b79ac2d62196e148dd13230d3f9be95b362f

SH256 hash:

d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a

MD5 hash:

98157da0c7419fc47d7868df32467700

SHA1 hash:

5497326a292333b223bf4a45bc3368a15a2ca022

Link:

https://www.unpac.me/results/12b67fbb-d863-4566-8b7b-d442dee9e956/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d69d7bbed75165b50ae8be1e9d3afd6752d4aa19d985af13b8134f8938901e5a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/169708/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample