MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da861333adc2959ba16eed203d328b06a17ba9b6f0e16d4abf9ee78b17a6f0e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13

Intelligence 13 IOCs 1 YARA 4 File information Comments

SHA256 hash:	da861333adc2959ba16eed203d328b06a17ba9b6f0e16d4abf9ee78b17a6f0e3
SHA3-384 hash:	11350fbabeefc8595dc3e523c2b0babe2664b273c00f99ca23dbea098dc7ea58a3fe2c2107de1f46a031e9862b0b334b
SHA1 hash:	ebe668a513b97e3706b468617f7149c6ce3c1cbb
MD5 hash:	df4f56c24ceaf5e049190ed842a73881
humanhash:	butter-magnesium-whiskey-violet
File name:	DF4F56C24CEAF5E049190ED842A73881.exe
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	468'480 bytes
First seen:	2021-08-30 19:16:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	38170c4d65ff42b014b27008b95c5de6 (4 x RedLineStealer, 2 x RaccoonStealer)
ssdeep	12288:rGFzoFVkkqCfB7me/k/Q79GNFQXRwk4Y:rGivf5X/kYmFQKk4Y
Threatray	2'576 similar samples on MalwareBazaar
TLSH	T154A41115F392E936E2127D700C66D650575EFEC8E538864BBBC92B4E1F612E0623237E
dhash icon	4839b2b0e8c38890 (105 x RaccoonStealer, 38 x Smoke Loader, 33 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe RaccoonStealer

abuse_ch

RaccoonStealer C2:
http://5.181.156.120/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://5.181.156.120/	https://threatfox.abuse.ch/ioc/203162/

Intelligence

File Origin

# of uploads :

# of downloads :

139

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

DF4F56C24CEAF5E049190ED842A73881.exe

Verdict:

Malicious activity

Analysis date:

2021-08-30 19:18:31 UTC

Tags:

trojan stealer raccoon

Link:

https://app.any.run/tasks/87166812-1153-460a-a719-87d4e09397d9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/183886/

Detection(s):

Win.Dropper.Titirez-9884070-0

Win.Dropper.Titirez-9884078-0

Win.Packed.Filerepmalware-9884083-0

Win.Malware.Generic-9884468-0

Win.Dropper.Fragtor-9884486-0

Win.Packed.Generickdz-9884849-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Connection attempt

Sending an HTTP POST request

Sending a UDP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0fd1b682-21c9-4b4f-a600-cc29144cdd1f

Result

Threat name:

Raccoon

Detection:

malicious

Classification:

troj.spyw.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/841897

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Found malware configuration

Infostealer behavior detected

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Raccoon Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

raccoon

Link:

https://mwdb.cert.pl/sample/da861333adc2959ba16eed203d328b06a17ba9b6f0e16d4abf9ee78b17a6f0e3/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2021-08-24 04:16:00 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3kdbgm5nykkzxilo5uqd2mula2qxxknw6dqw2sv7t3tywf5g6drq._file

Verdict:

malicious

RaccoonStealer

4afb5969afd2c92b331d1fef3412103b6fa4d1ab3f386b9cf505b694038790bc

RaccoonStealer

4df50c6d6d188c3413bdba53851cbeea7b281b92b0d5341c021a65912395fa5b

RaccoonStealer

5e1a4b9ced78b15872e2723b231e3934c4874c6ea28ebf6c983a61f5040b5f96

RaccoonStealer

75f5cadfcf83b2e45e6cb27cf81251658093d4823d530e7668df4d205a6b099d

RaccoonStealer

9bb77fb3b462b7b52694f0326b83b4f0f47969240e296129cd23da3b2fe98fb0

RaccoonStealer

a5f4eb3b915bcfdd72cb81b7d89c0c0fd6b190b637db6ffad25604d24985f9e8

RaccoonStealer

+ 2'566 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:c80460e2a8c20b652cf616c8ea8d7fdde3d5cdb9 stealer

Link:

https://tria.ge/reports/210830-r1sbjxfqbx/

Behaviour

Modifies system certificate store

Raccoon

Raccoon Stealer Payload

Unpacked files

SH256 hash:

e27b68b1fb4c7ec92c2b9927d63885d46431df57acf1da9f92a99abb944ba219

MD5 hash:

d578440d86639af07d68c7ec908bcbde

SHA1 hash:

421ad96a7195e70a6e47581920f4e8e96f679024

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/157d342f-e573-484b-87fc-23fed5ebe8cd/

SH256 hash:

da861333adc2959ba16eed203d328b06a17ba9b6f0e16d4abf9ee78b17a6f0e3

MD5 hash:

df4f56c24ceaf5e049190ed842a73881

SHA1 hash:

ebe668a513b97e3706b468617f7149c6ce3c1cbb

Link:

https://www.unpac.me/results/157d342f-e573-484b-87fc-23fed5ebe8cd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/da861333adc2959ba16eed203d328b06a17ba9b6f0e16d4abf9ee78b17a6f0e3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Detects Raccoon/Racealer infostealer

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/183886/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample