MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 12



SHA256 hash: dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1
SHA3-384 hash: 4619226377ceed873b0d707f3480adfcdb2eb110eff6178165f9a83547a5c59fc4ef318c50eb0f730f962445ec9004b5
SHA1 hash: dedf3ba0a0a2349a7413c7c44509151c8e42ad44
MD5 hash: 389a9eefc4f474dd860b86f036b99321
humanhash: nineteen-fanta-north-muppet
File name: 389a9eefc4f474dd860b86f036b99321.exe
Signature: RaccoonStealer
File size: 512'000 bytes
First seen: 2021-11-15 07:00:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 622f52745de31bb340a6b60a08c245aa (8 x RaccoonStealer, 7 x RedLineStealer, 1 x CryptBot)
ssdeep: 6144:0sTL4Hz2znpij8T94+eFs5PPQPDO/ZPJAmHs1qMPvNjOFaJtERzO/q2l0ajjXT5S:9H4Hino25KDMqKOvNiFa0RznU179
Threatray: 4'207 similar samples on MalwareBazaar
TLSH: T111B4F1C07B919836D4763E31B964E6B15A6BF831D934950AFB74971F2E733E00EA2702
dhash icon: fcfcf4d4d4d4d8c0 (41 x RedLineStealer, 30 x RaccoonStealer, 9 x Smoke Loader)
Reporter: abuse_ch
Tags: exe RaccoonStealer
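Before trusting a sample pulled from this entry, a practitioner recomputes the listed digests on the extracted file (MalwareBazaar serves downloads inside a password-protected ZIP, and hashing the archive instead of its contents is the usual way this check fails). The script below is an added example, not MalwareBazaar's own code: it carries the SHA256, SHA3-384, SHA1, MD5 and size from this entry, checks the size and MZ/PE signature first, then compares digests. imphash, ssdeep and TLSH are not recomputed because they need third-party libraries (pefile, ssdeep, py-tlsh). The bytes from `constructed_pe_stub()` are a made-up stand-in so the example runs offline; they will not match the entry, which is the point of the demonstration.

```python
"""Check a downloaded sample against the digests listed on this MalwareBazaar entry.

Added example; this is not MalwareBazaar's own code. It relies only on hashlib and
struct, so the entry's imphash, ssdeep and TLSH are not recomputed here (they need
pefile, ssdeep and py-tlsh). The digests in EXPECTED are copied from the entry; the
bytes produced by constructed_pe_stub() are a made-up stand-in, not the real sample.
"""
import hashlib
import struct

# Digests as printed on this entry (keys are hashlib algorithm names).
EXPECTED = {
    "sha256": "dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1",
    "sha3_384": "4619226377ceed873b0d707f3480adfcdb2eb110eff6178165f9a83547a5c59fc4ef318c50eb0f730f962445ec9004b5",
    "sha1": "dedf3ba0a0a2349a7413c7c44509151c8e42ad44",
    "md5": "389a9eefc4f474dd860b86f036b99321",
}
EXPECTED_SIZE = 512_000  # "File size: 512'000 bytes" on the entry


def digests(data, algos=tuple(EXPECTED)):
    """Hex digests of data for each named hashlib algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def looks_like_pe(data):
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'.

    A cheap first check for the 'Executable exe / application/x-dosexec' the entry
    reports; it does not validate the rest of the headers.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def verify(data, expected=EXPECTED, size=EXPECTED_SIZE):
    """Return a list of mismatch messages; an empty list means data is the listed file.

    Size is checked first because it is free and already rules out the common mistake
    of hashing the password-protected ZIP wrapper instead of the extracted file.
    Hex is compared case-insensitively since vendors print either case.
    """
    problems = []
    if size is not None and len(data) != size:
        problems.append(f"size: got {len(data)} bytes, expected {size}")
    if not looks_like_pe(data):
        problems.append("format: no MZ/PE signature, expected a PE executable")
    got = digests(data, tuple(expected))
    for algo, want in expected.items():
        if got[algo].lower() != want.lower():
            problems.append(f"{algo}: got {got[algo]}, expected {want}")
    return problems


def constructed_pe_stub():
    """Constructed stand-in for a sample: a DOS header pointing at a bare PE signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00"


if __name__ == "__main__":
    sample = constructed_pe_stub()
    for problem in verify(sample) or ["all digests match the entry"]:
        print(problem)
```

To use it on the real download, read the extracted file's bytes and call `verify(data)`; an empty list confirms all four digests and the size agree with the entry, and any returned message names exactly which value disagrees.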


abuse_ch
RaccoonStealer C2:
http://91.219.237.226/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://91.219.237.226/
ThreatFox reference: https://threatfox.abuse.ch/ioc/248088/
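A C2 URL like the one above is normally consumed as a host indicator and swept across proxy or firewall logs. The script below is an added example, not MalwareBazaar's or ThreatFox's code. The IOC URL is the one listed on this entry; the log lines and their `timestamp src dst:port method url` layout are constructed for the example. Two things it shows that a naive `grep` for the IP does not: a substring search also fires on the unrelated host 191.219.237.226, and a connection to the indicator on a non-default port still counts, because the indicator is the host rather than the literal URL string.

```python
"""Match this entry's C2 indicator against proxy log lines.

Added example; not MalwareBazaar's or ThreatFox's code. IOC_URL is the URL listed
under IOCs on this entry. The log lines are constructed and use a simple
'timestamp src dst:port method url' layout chosen for the example; the two
pitfalls they exercise are a substring near-miss (191.219.237.226 is a different
host) and a hit on a non-default port, which still counts because the indicator
is the host, not the URL string.
"""
from urllib.parse import urlsplit

IOC_URL = "http://91.219.237.226/"  # IOC from this entry (ThreatFox 248088)

# Constructed proxy log lines (not real traffic).
LOG_LINES = [
    "2021-11-15T07:02:11Z 10.0.0.23 91.219.237.226:80 GET http://91.219.237.226/",
    "2021-11-15T07:02:15Z 10.0.0.23 191.219.237.226:80 GET http://191.219.237.226/index.html",
    "2021-11-15T07:03:40Z 10.0.0.41 91.219.237.226:8080 POST http://91.219.237.226/gate",
    "2021-11-15T07:04:02Z 10.0.0.41 203.0.113.5:443 GET https://203.0.113.5/",
]


def ioc_host(url):
    """Host part of an indicator URL; path and port are dropped so any request to the host matches."""
    return urlsplit(url).hostname


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, src, dst_port, method, url = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "method": method, "url": url}


def matches(entry, host):
    """Exact host equality on the destination or on the request URL's host.

    Exact comparison rather than substring search: an 'in' test on the raw line
    would also fire on 191.219.237.226. The URL host is checked too because a proxy
    may log a resolved destination address while the request line still names the
    indicator.
    """
    return entry["dst"] == host or urlsplit(entry["url"]).hostname == host


def scan(lines, host):
    """Return parsed entries that contact the indicator host."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if matches(entry, host):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_LINES, ioc_host(IOC_URL)):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["dst"]}:{hit["port"]} {hit["method"]} {hit["url"]}')
```

On the constructed input, `scan` returns the two contacts from 10.0.0.23 and 10.0.0.41 to 91.219.237.226 (ports 80 and 8080) and ignores the 191.219.237.226 line, whereas a plain substring search over the same lines would report three hits.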

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour:
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 76 / 100
Signature:
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer

Threat name: Win32.Ransomware.StopCrypt
Status: Malicious
First seen: 2021-11-15 07:01:07 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
Behaviour: Raccoon

Unpacked files
SHA256 hash: 2a2ba5b248dd91c2587a65fc631c9c0420a51e482868ff122589e504cde85359
MD5 hash: 067d2c6243d0f98ae656fe05c70ff7a5
SHA1 hash: 15dce4243edcd70e7e62f5dbe5de927aeaa5e59e
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1
MD5 hash: 389a9eefc4f474dd860b86f036b99321
SHA1 hash: dedf3ba0a0a2349a7413c7c44509151c8e42ad44
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RaccoonStealer
Sample: Executable exe dc6745de06cfe2977ca39a425619d5df9bf942d4eeb70b381d5ff2fc238cb7c1 (this sample)

Comments