MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1d7d5ff8a96bcbaebd4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 13



SHA256 hash: deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1d7d5ff8a96bcbaebd4f
SHA3-384 hash: 5838b989da2786c3db8c08bcf53b90cf7774b93a9a1456a4c5c5c0c98c61689c3bec2e27869776c4581043e0bb023e89
SHA1 hash: 85a92fb7d922a4d2c51bac03fedc2868599f23b5
MD5 hash: cb2be9b44b5ccb320e6e6eabfbe3123f
humanhash: timing-helium-vegan-west
File name: deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1.exe
Signature: RaccoonStealer
File size: 529'920 bytes
First seen: 2021-09-05 10:20:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f530acf7acd4a5c8880ba2a4704d4cbb (14 x RaccoonStealer, 4 x Glupteba, 2 x Tofsee)
ssdeep: 12288:S6xb7yfqVqrv+iVxg0P44EcsK6ADkjOUuB0f:F7yfqVcrZPpscmHS0
Threatray: 3'846 similar samples on MalwareBazaar
TLSH: T1F7B4F11E6E91E463C6F8C2344435E7B4DE3DBCA61D24968B7745FB9B2E302802A2D353
dhash icon: b67e7c7d767e6e76 (5 x RaccoonStealer, 1 x CoinMiner)
Reporter: abuse_ch
Tags: exe RaccoonStealer
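The hashes above are what identify this entry; before trusting that a file you hold is the same sample, recompute them. The following is an added example, not MalwareBazaar's own code, that uses only the Python standard library to compute the four cryptographic digests listed (SHA256, SHA3-384, SHA1, MD5) and compare them, together with the recorded file size, against the values on this page. The similarity hashes (imphash, ssdeep, TLSH, dhash) need third-party libraries such as pefile and the ssdeep and tlsh bindings and are deliberately not computed here.

```python
"""Verify that a file matches the hashes recorded for this MalwareBazaar entry.

Added example; the hash values below are copied from the entry above, and
the file path handling is an assumption about how the sample was saved.
"""
import hashlib

# Digests and size as recorded on the MalwareBazaar page for this sample.
ENTRY_HASHES = {
    "sha256": "deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1d7d5ff8a96bcbaebd4f",
    "sha3_384": "5838b989da2786c3db8c08bcf53b90cf7774b93a9a1456a4c5c5c0c98c61689c"
                "3bec2e27869776c4581043e0bb023e89",
    "sha1": "85a92fb7d922a4d2c51bac03fedc2868599f23b5",
    "md5": "cb2be9b44b5ccb320e6e6eabfbe3123f",
}
ENTRY_SIZE = 529920  # bytes, as listed under "File size"


def digest_bytes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar records, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as digest_bytes, but streamed so large files fit in memory."""
    hashers = {name: hashlib.new(name) for name in ENTRY_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(observed: dict, expected: dict = ENTRY_HASHES) -> list:
    """Return the names of every digest that does not match the entry.

    An empty list means every recorded hash agrees. Comparison is
    case-insensitive because vendors print hex in either case.
    """
    return [name for name, value in expected.items()
            if observed.get(name, "").lower() != value.lower()]


def check_sample_bytes(data: bytes) -> list:
    """Mismatch list for in-memory bytes; also checks the recorded file size."""
    problems = verify(digest_bytes(data))
    if len(data) != ENTRY_SIZE:
        problems.append("size")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-downloaded-file>
    path = sys.argv[1]
    with open(path, "rb") as fh:
        problems = check_sample_bytes(fh.read())
    print("match" if not problems else "MISMATCH: " + ", ".join(problems))
```

A size mismatch with matching SHA256 is impossible, so "size" appearing alone would point at a transcription error in the recorded size rather than at the file; any digest mismatch means the file is not this entry, regardless of what the archive or its name claims.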


abuse_ch
RaccoonStealer C2:
http://94.158.245.173/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://94.158.245.173/
ThreatFox reference: https://threatfox.abuse.ch/ioc/215894/
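The sandbox reports below record an HTTP POST from this sample, which is consistent with the C2 URL listed as the IOC. The following is an added example, not part of the MalwareBazaar or ThreatFox pages, that matches the indicator above against proxy log lines. It keys on the URL's host rather than the literal string, so a request logged with an explicit port or a different path is still caught. The log line format and the log lines themselves are constructed for the example.

```python
"""Match the ThreatFox C2 indicator from this entry against proxy log lines.

Added example. The indicator and reference are copied from the entry above;
the log format is an assumption made for illustration.
"""
from urllib.parse import urlsplit

# Indicator -> ThreatFox reference, as listed on this page.
THREATFOX_IOCS = {
    "http://94.158.245.173/": "https://threatfox.abuse.ch/ioc/215894/",
}


def ioc_hosts(iocs: dict) -> dict:
    """Map each indicator's host (port stripped) to its ThreatFox reference."""
    hosts = {}
    for url, ref in iocs.items():
        host = urlsplit(url).hostname
        if host:
            hosts[host] = ref
    return hosts


def parse_proxy_line(line: str):
    """Parse the constructed format '<timestamp> <client> <method> <url> <status> <bytes>'.

    Returns None for lines that do not fit, so malformed input is skipped
    rather than raising.
    """
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, size = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": status, "bytes": int(size) if size.isdigit() else None}


def scan_proxy_log(lines, iocs=THREATFOX_IOCS) -> list:
    """Return one hit per log line whose URL host is a known C2 host."""
    hosts = ioc_hosts(iocs)
    hits = []
    for number, line in enumerate(lines, 1):
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        host = urlsplit(rec["url"]).hostname
        if host in hosts:
            hits.append({"line": number, "ts": rec["ts"], "client": rec["client"],
                         "method": rec["method"], "host": host,
                         "reference": hosts[host]})
    return hits


# Constructed sample log (not a real capture); line 2 is benign, line 3 carries
# an explicit :80 to show that host matching still works.
SAMPLE_LOG = [
    "2021-09-05T10:21:03Z 10.0.0.17 POST http://94.158.245.173/ 200 1412",
    "2021-09-05T10:21:05Z 10.0.0.17 GET https://www.example.com/index.html 200 5123",
    "2021-09-05T10:21:09Z 10.0.0.23 POST http://94.158.245.173:80/ 200 1390",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the host is the practical choice here because the indicator is a bare IP with a root path; an exact-string match would miss the same server contacted on a non-default port or path.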

Intelligence


File Origin
# of uploads: 1
# of downloads: 202
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1.exe
Verdict: Malicious activity
Analysis date: 2021-09-05 10:25:42 UTC
Tags: trojan stealer raccoon loader
Note: ANY.RUN is an interactive sandbox; its report reflects all user actions taken during the session, not only the uploaded sample.
Result
Verdict: Malware
Maliciousness: n/a
Behaviour:
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Sending a UDP request
Connection attempt
Sending an HTTP POST request
Query of malicious DNS domain
Sending a TCP request to an infection source
Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw
Score: 88 / 100
Signature:
C2 URLs / IPs found in malware configuration
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Raccoon Stealer
Threat name: Win32.Trojan.RacoonStealer
Status: Malicious
First seen: 2021-09-05 06:41:01 UTC
AV detection: 26 of 42 (61.90%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:56be4efb71b0a38de783d05b401b05f1bc805bb2 discovery spyware stealer
Behaviour:
Delays execution with timeout.exe
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Malware family: Raccoon v1.7.2
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments