MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e079da0f750cdb631d242e0c473e2b3b9384256ad256d7aef51e34b29555c8d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 13



SHA256 hash: e079da0f750cdb631d242e0c473e2b3b9384256ad256d7aef51e34b29555c8d6
SHA3-384 hash: 098d73f43a3b0ddd6e4454b7265b18126584a62ea2e6c8c89095f2ae29ed8ce4c7ac9bf5a4aec2565ed2c7a602a6d076
SHA1 hash: a3ba41b4439e2cdece93d87f0a62cbef810e7a51
MD5 hash: 169f798cf5f0ae7ae21e0b4716b33d0c
humanhash: mississippi-king-orange-princess
File name: 169f798cf5f0ae7ae21e0b4716b33d0c.exe
Signature RaccoonStealer
File size: 475'136 bytes
First seen: 2021-10-26 15:41:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 0f5ea2bfadfc0cb42c0db57501b4ae1c (5 x RaccoonStealer, 3 x Smoke Loader, 1 x DanaBot)
ssdeep 6144:jj2fNdyW1s+BO2jp39Ps2vvGwKNt9M/wAcHPwKFJAuvM/HRbPdzidb4wmmynVP:C/yWZ1jp3hsMOnN3SufroxbPF0nS
Threatray 3'855 similar samples on MalwareBazaar
TLSH T191A4011176A1E033C5B28A308D65D6916A3DBDD2D93E815FE7C73A3F2E702F05A26349
dhash icon fcfcd4d4d4d4d8c0 (75 x RedLineStealer, 56 x RaccoonStealer, 23 x Smoke Loader)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 399
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware lockbit packed wacatac
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: Raccoon
Detection: malicious
Classification: troj
Score: 84 / 100
Signature
Antivirus detection for URL or domain
Found detection on Joe Sandbox Cloud Basic with higher score
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Threat name: Win32.Ransomware.StopCrypt
Status: Malicious
First seen: 2021-10-26 13:25:54 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:60e59be328fbd2ebac1839ea99411dccb00a6f49 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe e079da0f750cdb631d242e0c473e2b3b9384256ad256d7aef51e34b29555c8d6

(this sample)

  
Delivery method: Distributed via web download
