MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcb02549ffe1d2212dbddc97bf48fc57965ca634ff30665cdeb085e60ae73690. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer
Vendor detections: 12

SHA256 hash: dcb02549ffe1d2212dbddc97bf48fc57965ca634ff30665cdeb085e60ae73690
SHA3-384 hash: 6297419d27ac5cdc51dde1dea359ced23420761009f8d5e64efc156e9e263ce51bfe86df09af59066416be82964bc172
SHA1 hash: d929aa0f8bc0f03236a38096c8c1e64f0e766b35
MD5 hash: 18bedebe0076d0704cb24ae93926b9dc
humanhash: victor-may-pasta-fish
File name: 18bedebe0076d0704cb24ae93926b9dc.exe
Signature: RaccoonStealer
File size: 456'704 bytes
First seen: 2021-03-23 15:58:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7f34a55f6d2977ea7e87229f36eaaa86 (2 x FickerStealer, 1 x RaccoonStealer)
ssdeep: 6144:oTw0ao+rpQX2vR4l1EDZF7pLdzykaAbaj/fh7QszytjRLiXmuavmzGZYY97e+r:10at4Po/tWDhcjt9oMmzyYYRe
Threatray: 657 similar samples on MalwareBazaar
TLSH: 41A4011072F2C033E41A85B90959D2B20A2AFC325B7556CB3BD1AF3D6E366D19F36247
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 18bedebe0076d0704cb24ae93926b9dc.exe
Verdict: Malicious activity
Analysis date: 2021-03-23 16:04:57 UTC
Tags: stealer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Sending a custom TCP request
Creating a file
Deleting a recently created file
Reading critical registry keys
Modifying a system executable file
Running batch commands
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2021-03-23 15:59:06 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:2ce901d964b370c5ccda7e4d68354ba040db8218 discovery spyware stealer
Behaviour
Delays execution with timeout.exe
Modifies system certificate store
Suspicious use of WriteProcessMemory
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Raccoon
Unpacked files
SHA256 hash: 7b216d21305ea084f3f980640e1f20eb977e6cfed8651b1bad236c77171de882
MD5 hash: 70ed382529ceb355fa8c25f276b0a32a
SHA1 hash: dfff4db1d7d7f6092fef7d36d5b871c4aa98a879
Detections: win_raccoon_auto
Parent samples:
SHA256 hash: dcb02549ffe1d2212dbddc97bf48fc57965ca634ff30665cdeb085e60ae73690
MD5 hash: 18bedebe0076d0704cb24ae93926b9dc
SHA1 hash: d929aa0f8bc0f03236a38096c8c1e64f0e766b35
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Email_stealer_bin_mem
Author: James_inthe_box
Description: Email in files like avemaria

Rule name: INDICATOR_SUSPICIOUS_Binary_References_Browsers
Author: ditekSHen
Description: Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: @ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers.

Rule name: MALWARE_Win_Raccoon
Author: ditekSHen
Description: Detects Raccoon/Racealer infostealer

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: RaccoonStealer
File type: Executable exe
SHA256 hash: dcb02549ffe1d2212dbddc97bf48fc57965ca634ff30665cdeb085e60ae73690 (this sample)

Delivery method: Distributed via web download

Comments