MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 11

Intelligence 11 IOCs 1 YARA File information Comments

SHA256 hash:	d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45
SHA3-384 hash:	72de97d4b7a5a4069df3fc8cdc877b42704400cf3978aac51bbae23ae63692b9520cfbce393ddf05ec9f059259e897a9
SHA1 hash:	c66fcba85d3d490ee3c6db6ca01157bef4ea6c7c
MD5 hash:	6fa7f8fb04d2bff1ea40fc7ab0e48452
humanhash:	ink-zulu-sad-seventeen
File name:	6fa7f8fb04d2bff1ea40fc7ab0e48452.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	497'152 bytes
First seen:	2021-09-21 11:55:45 UTC
Last seen:	2021-09-21 13:16:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b4a5f131bf57e0871ab3cda52113b279 (4 x RedLineStealer, 2 x RaccoonStealer, 2 x Stop)
ssdeep	12288:WMHY8bmRmJWEYbOLquUJWB4z3vuV2qxAxBai:pRbkm/YbOFZBQvudmxh
Threatray	3'203 similar samples on MalwareBazaar
TLSH	T170B401003670C531D5A79270CF74E794ABEAF85154B4874B7BA22F6EEF30381772A25A
File icon (PE):
dhash icon	327e7c7f727e6e76 (3 x RaccoonStealer, 2 x Stop, 1 x Tofsee)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://185.53.46.105/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://185.53.46.105/	https://threatfox.abuse.ch/ioc/224184/

Intelligence

File Origin

# of uploads :

2

# of downloads :

202

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

6fa7f8fb04d2bff1ea40fc7ab0e48452.exe

Verdict:

Malicious activity

Analysis date:

2021-09-21 11:58:58 UTC

Tags:

trojan stealer raccoon loader

Link:

https://app.any.run/tasks/675a18c1-3560-40ad-9afe-b52502ea5ecc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/189855/

Detection(s):

SecuriteInfo.com.Artemis6FA7F8FB04D2.13925.24351.UNOFFICIAL

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ec509879-2082-4a84-b19b-9cff6a4457ae

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45/

Threat name:

Win32.Trojan.Zenpak

Status:

Malicious

First seen:

2021-09-21 11:56:06 UTC

AV detection:

16 of 45 (35.56%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3g2fx6zcxtn63zzdbbdmsadzyufxmdsbyt2rblkupxdix44ntrcq._file

Verdict:

malicious

Label(s):

raccoon

Similar samples:

2f7aa46027a15a329be8297a786d8c9c61f8ae89dcca9a72d88e0cfc08f38ec2

450e075bf8a574b403096f9ffb1cd87857ee543771ed744c63012e6613807b0e

47d10ac8920b58c08d0da346b4f1b8527977dc053a87185e052cbdc538f172f4

78d2e3ffb53da033d7df217d5a67ea52dbac7928cb77d907307a1c77b4453cfe

830de75be32c7b749962b6ba9b8f9bb50db8bb9145653fa9e38f33715732ded4

8c9a9047c056ec7ce9b5b5c9df7934bcb265e3854994ee98f437b3c821b20408

d690f8acb2be07e4c3c00c177e4541fe6152f82fa719b911a9ae41987e0325ea

e365aa3dff18f941f4115d457a1909358e793cfb5877681756fda6adfc3da552

e6f0ab95e920970099a345f11ea0637ece8c061b0a73c74ecaffc072c68a0766

e838650dcbc88fd2e8ce7f9dcbdf9f1afba6a007e133c87e73597ad947695c89

+ 3'193 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon discovery spyware stealer

Link:

https://tria.ge/reports/210921-n316cshde7/

Behaviour

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Checks installed software on the system

Deletes itself

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Downloads MZ/PE file

Raccoon

Unpacked files

SH256 hash:

2b846276cddcb96a51df3052f4f63232f4a9615e08df959342185ed0255c3f0c

MD5 hash:

6f5936f1ebe731d1069daa1b20473a6f

SHA1 hash:

e83bd74f6ebb2b095cffb5f534c3ad1d0017c7c3

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/91cb43e0-45eb-40fa-9c0c-4dc6d070d3d4/

Parent samples :

d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45
8eef033f451d0f80979ba8cfdcd79677c475cf34a8337c54af16895defbd88b6
726b323eb5c1c2ae7928f60d7002b3b63b4a69158347686d17789eb0e86fd768
39d315cd7c986f2f67360720d9a390b4720799ad36ac88b668c9ced2beede0c7
7b99761722d319d84a1ff7c9e0956482f95f704daba975cb4e57dd3163a35332
77cf253139da7813ef65bbc083d1369e8f2b62a5328aa34aa0c7e490a5686af7
f2d3836aef9771efe1fa4b1a3fad5488c2d3511cd536f5ee4cd29c8a3d2b5399
ce026dbd067345f31a83fbef3c221af1f05d031a33727766ae3756955821ec6a
f97dba49c60aecda455799132bacbfbca94c45e2eee2e9b01c11a485e53a4845
940cbb7e02747f1ab72352d67b1f4b02d336e92944e195827ff6731fb89e14cb
d720677c3d1ae4e2048fba7ff9a80839affa35f45f6abd2643b0de4a0f9bc997
240ff23832abc300cef55adc3f5f10fffe8b617b1f4e83979bef40c82c03f244

SH256 hash:

d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45

MD5 hash:

6fa7f8fb04d2bff1ea40fc7ab0e48452

SHA1 hash:

c66fcba85d3d490ee3c6db6ca01157bef4ea6c7c

Link:

https://www.unpac.me/results/91cb43e0-45eb-40fa-9c0c-4dc6d070d3d4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe d9b45bfb22bcdbede7230846c90079c50b760e41c4f510ad547dc68bf38d9c45

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1632263/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/189855/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample