MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
SHA3-384 hash: 95b3385769e7e87dd5ea4865130c9f04bc813f6c0f739f6c2db6bb8b6b4f0233979b1e618b403e6e1ddf3ab023d32fbd
SHA1 hash: 604504eae8ecb59dfb91c5c7403488b9b95843f8
MD5 hash: 61348f2441c23882342e38f89b366d99
humanhash: zebra-burger-eighteen-foxtrot
File name:61348f2441c23882342e38f89b366d99.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 11:48:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c73ee7c3b35e900ea08c7c0bc28acb00 (1 x RaccoonStealer)
ssdeep 1536:1SPfxV40rWbkxaGkgrKHxLdGKc+o0FDHdZ1gI0T0BOP21PxK1i9T0MOkSgT:wPXqkxHKVdhjFD9zU00PS84TgkSE
Threatray 1'071 similar samples on MalwareBazaar
TLSH 10B37B17FD4D8953E0448BBD2D178EB93B0DF92D08005BEF7176AE9BAD316422C9721A
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 12:36:22 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=24sxqxwds4fxl3frpj7fvqknsphhuvgslhp7y5hieixnrt5yw2zq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
RaccoonStealer
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
RaccoonStealer
308c96557c6be5d4519ba4bac38c23e611c7b61683cfc1063a6009e216c24f5e
RaccoonStealer
3e9f05acde528ea5fd7ca9d0c2af0e82d29e343d2f61420290e6f660630cd25f
RaccoonStealer
4100f196d5289b085ea167afbec9aadbb5105bf46e48b5402f583db123878f96
RaccoonStealer
682be0853ccd6f60deb69d27941a628758c4e13e7d2e6ee95a95f415f3a9f0c6
RaccoonStealer
69fe5bb4b975f9437b6c3bcf3f07dc807a8f2e848f1e0c5802012295b06a742c
RaccoonStealer
6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59
RaccoonStealer
7dd09a71615dc2a60ba9dd906aebcff010f8442f4db392e4feb88baa01f8c999
RaccoonStealer
bcb474ac919440674135c673d8c6a0fc8015a63a15b2849c3346f74a716b5249
RaccoonStealer
+ 1'061 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-72egkbgxas/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_netwire_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376178/
  
URLhaus
https://urlhaus.abuse.ch/url/265919/
  
Delivery method
Distributed via web download

Comments