MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 15


Intelligence 15 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d
SHA3-384 hash: 624aa1cff1b097129d4196b4f568a999b0ab470765085a4d2a0104518110d21d537192c2545fba87bca137aba88cd3c8
SHA1 hash: 5a8ef2086ef188a5a1433182416adc9222061767
MD5 hash: 0ccce5e6faed10ccbfbdeeae929af078
humanhash: asparagus-pluto-berlin-ink
File name:0ccce5e6faed10ccbfbdeeae929af078
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'071'616 bytes
First seen:2021-12-01 21:29:44 UTC
Last seen:2021-12-02 00:50:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fd25bac5b14a3478dbc2e0096188e38e (5 x RedLineStealer, 3 x RaccoonStealer)
ssdeep 24576:1UMgRyZg/ZRCsIPQskEVujGmDEUyqcpmgIw90yJb6:1mR2qt8uyiEo1MdZ6
Threatray 2'697 similar samples on MalwareBazaar
TLSH T10C35237AFEAA443FD2951AFF069C4B447EA7FD086145A1AD23E0BD0F2F92E450C504AD
File icon (PE):PE icon
dhash icon d9f062f1c8cccc6c (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0ccce5e6faed10ccbfbdeeae929af078
Verdict:
Malicious activity
Analysis date:
2021-12-01 21:33:20 UTC
Tags:
trojan stealer raccoon loader evasion
Link:
https://app.any.run/tasks/67837be3-8fd7-40c5-b08e-8d4939a84f1b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/210472/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Searching for the window
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/474/overview
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed racealer
Link:
https://www.filescan.io/uploads/61a7e95e86bf67e7121e3018/reports/c6460f73-d12b-4c5d-b17c-d9212ef6bc6b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/89c209fa-465c-48d4-bdbe-2981a1d8b126
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/899788
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file has nameless sections
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d/
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-12-01 05:41:43 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
19 of 45 (42.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4fpmu67hfxwchxzapl4dmylg7xlojpblq6chprnkvos6fknugmgq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
316966b4c933f01dc51c2a48aaa04d54a4ee5d6a88024800f52be264a55293e0
RaccoonStealer
3e820217037e312b739d6514547da6a7afd3d9e3b92dc90e6c30c35808fb5214
RaccoonStealer
51160ae1edfcf45c5e3e6e1bedc4a5bdcfc27d5e23cb08c511ecd43b816b4c08
RaccoonStealer
888b7c0da59de4fb96352a4db14b1674881eea78028100bd8ffd8757f21fffdc
RaccoonStealer
c5d5a28565277162bc72399c71d38bf329be3a8e5b34140447212533c06a2be2
RaccoonStealer
d06e335a2ae5ec650f1272bdb4c780ee859c6ebe54b2d0948b6f9cd8db6b316e
RaccoonStealer
de074784466375ef8258b4dbea4dd579fd9edf0c0e0f2b97afa39d00659f6763
RaccoonStealer
eb77f172afe361c9ff6138ae480d05a5832ba5c15191f9a9b5ccb1267ca5ed5c
RaccoonStealer
ed9d17ee70ce16c077354f25f3c0161d52bf91ae83d48118a7902a48d88926d3
RaccoonStealer
fe3d7939166e8e6ae965d66d98f6ee5583e535b575ba194aef038c6c1ea15ae4
RaccoonStealer
+ 2'687 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:e01406cf9a804c70b4a66c9ff45ad42151469416 stealer
Link:
https://tria.ge/reports/211201-1cgp9abcc2/
Behaviour
Raccoon
Unpacked files
SH256 hash:
d1c351cb812296eb57229d7457642a58245e17f5f80bdc1731c31e245ed23558
MD5 hash:
071f0adc2721cfd1472868a572a52050
SHA1 hash:
daff31cdaf918c7685f0b4ff828211bdd7364589
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/a542e419-a216-483b-aa77-cd60c03090f4/
Parent samples :
e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d
22ebb950592ccc987fd1dab9ddcd34c4fc519975dc1b82e4a793dc038d2d8e41
3637e86adb20ccee0c96ac838cbba3f61cc1ac0e27fa04766957f7ef28825461
f7ea17d6aa49172752b69d2b1b63f8d22cf064c4f2ea2c3dc97c6b815b324cf0
89c7c028a7e7f95a3595dade72ac1f48da3c71fa3e482347a5a61a714dd57d0c
4e1a1db6d3dc39b67666d1e0304a7477fac814e1fbb7068560abc5eab2168c20
e88ecbbe677d8cfb97ba9a42db6f8b038aa96526b283b9de8635a80dd25790dd
a048547702aaf89637813c4cdc925cf25ab7a3710bfc95f21046be931c1cae63
fd21e7dddc8ed426971983f819be29e6fa123dcdfb19d87fbbbffa12c147188e
74bb6b2e6e0fb719237cb58c1ed17a91032ff3c8a3c11da92011b8e0ba5a1179
523c3d9d49ff39f7f97331e9d89c18053ab85c80f2ead0b505cc7e27e7aa2fcd
738bc607c1a64d1867103f3f4b6558c89401c539c34422d1e7a20fe634828cea
6e004cb6c3f1c0338a20692c375de17324c45e5176e80c6602ae2b1bed2bd4c8
SH256 hash:
4c5a722440392186dd56757edf76c19aa363e6f1a1dfd407a8da1c436e8e6b1f
MD5 hash:
5beebeb008635e85c3c1c6c5d54da9c0
SHA1 hash:
2b0b60913bbf126eb5721e19c267facdadf3365b
Link:
https://www.unpac.me/results/a542e419-a216-483b-aa77-cd60c03090f4/
SH256 hash:
e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d
MD5 hash:
0ccce5e6faed10ccbfbdeeae929af078
SHA1 hash:
5a8ef2086ef188a5a1433182416adc9222061767
Link:
https://www.unpac.me/results/a542e419-a216-483b-aa77-cd60c03090f4/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e15eca7be72d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/210472/
  
URLhaus
https://urlhaus.abuse.ch/url/1842923/

Comments


Avatar
zbet commented on 2021-12-01 21:29:45 UTC

url : hxxp://host-file-host-3.com/files/9873_1638332233_9756.exe