MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd6d19f69137a5e40e315f116a83c5fbd5cda4e8609ff20b3bd10b3a3705cb30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RaccoonStealer
Vendor detections: 4



SHA256 hash: dd6d19f69137a5e40e315f116a83c5fbd5cda4e8609ff20b3bd10b3a3705cb30
SHA3-384 hash: 3848f00975712950cd6e420036a938f9ef00584868da068c97fd93b10a0d668d961eb4df87dc6c3ed2e0efd66318dda7
SHA1 hash: 698bcf06a4cc79e27f47ab9dd46f99832898f915
MD5 hash: 18f0ffe93c7cd16466d9d6d3808ca07d
humanhash: red-oranges-gee-batman
File name: 18f0ffe93c7cd16466d9d6d3808ca07d.exe
Signature: RaccoonStealer
File size: 576'512 bytes
First seen: 2020-06-30 13:30:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 35ed5e7633104cdb4d705447e852368c (2 x RaccoonStealer)
ssdeep: 12288:khmwnKIZ2uemIMuq0EUbnqxKVXNVbp4vKzlyqsRYrjhKrgy2Wvl0:ktR2uemIMb0VqoV99m2lyPR2jUrvzS
TLSH: 96C412127783C07FE8359A707264C6B15D3F7C71666A819733A8563A1E703E26F2EB09
Reporter: abuse_ch
Tags: exe RaccoonStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-30 13:32:06 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: redline
Score: 10/10
Tags: ransomware stealer family:raccoon evasion spyware trojan infostealer family:redline discovery

Behaviour
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Kills process with taskkill
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks for installed software on the system
Looks up external IP address via web service
Modifies system certificate store
Reads user/profile data of web browsers
Loads dropped DLL
Reads user/profile data of local email clients
Executes dropped EXE
Raccoon log file
Raccoon
RedLine
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RaccoonStealer
File: Executable exe dd6d19f69137a5e40e315f116a83c5fbd5cda4e8609ff20b3bd10b3a3705cb30 (this sample)
Distributed via web download

Comments