MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df894381206db5cb83860343b60baea0012d0d5535de1339492c121a51b84886. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 9

SHA256 hash: df894381206db5cb83860343b60baea0012d0d5535de1339492c121a51b84886
SHA3-384 hash: 210a7be0dac914e9c0161c938b67a5fec8d1948e24351536c78fd8199a461106824b65cab494e436c4308fba134ff1a2
SHA1 hash: 7f77b5205037eb4c0468015bc2e9caee738ed487
MD5 hash: f1683ed759a2e3058fa3137bcde9522c
humanhash: oregon-winner-quebec-florida
File name: F1683ED759A2E3058FA3137BCDE9522C.exe
Signature: RaccoonStealer
File size: 3'759'104 bytes
First seen: 2021-09-03 04:10:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 008f94f66b31c7c17b41ee47afe6a600 (1 x RaccoonStealer)
ssdeep: 49152:TiQEhK+CPzXkfsfGlPVH7SZgOFFrGxKOLBy0R5BHQElNep3gvc9jSeULIhzjoV8b:8kwOGltbSZPrBOjRbHbNspB1UV8pnh
Threatray: 114 similar samples on MalwareBazaar
TLSH: T137061267312640CCE7FCC7BA8627BEB131FE167BCD816878D6A9F9D12D318D0A106646
dhash icon: 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://5.181.156.221/

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://5.181.156.221/
ThreatFox reference: https://threatfox.abuse.ch/ioc/213378/

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: F1683ED759A2E3058FA3137BCDE9522C.exe
Verdict: Malicious activity
Analysis date: 2021-09-03 04:13:43 UTC
Tags: trojan stealer raccoon

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour:
Connection attempt to an infection source
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Result
Threat name: Raccoon
Detection: malicious
Classification: troj.spyw.evad
Score: 76 / 100
Signature:
Infostealer behavior detected
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected Raccoon Stealer
Threat name: Win32.Infostealer.Racealer
Status: Malicious
First seen: 2021-08-14 13:30:56 UTC
AV detection: 28 of 45 (62.22%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:a34a5e2a0dd041cefd2ac6537222d8e668343682 stealer
Behaviour:
Modifies system certificate store
Raccoon
Raccoon Stealer Payload
Unpacked files
SHA256 hash: 2cb84cdcb08739c0496e5c506d5e87606945726335724f911a5ffb65694bb9a7
MD5 hash: c6dfe963bf5481296419d506263be656
SHA1 hash: e7952a4472934a6cbc4012e00b11bf05041d0d9d
SHA256 hash: df894381206db5cb83860343b60baea0012d0d5535de1339492c121a51b84886
MD5 hash: f1683ed759a2e3058fa3137bcde9522c
SHA1 hash: 7f77b5205037eb4c0468015bc2e9caee738ed487
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments