MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 15


Intelligence 15 IOCs 1 YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87
SHA3-384 hash: 5fde60dcb307c8701c31a4c65cd47214bfe6aa213a8a61a1c52d74b9353a73f5932f90ba4fa894a08241578312d5d796
SHA1 hash: 753fd24630eb07dfcf7b99474ba84ae77f5038f8
MD5 hash: f6c1d3ae0e0d51c1cd99a006517c2ae0
humanhash: high-illinois-orange-sierra
File name:f6c1d3ae0e0d51c1cd99a006517c2ae0
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'072'128 bytes
First seen:2021-12-08 18:07:33 UTC
Last seen:2021-12-08 19:35:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fd25bac5b14a3478dbc2e0096188e38e (5 x RedLineStealer, 3 x RaccoonStealer)
ssdeep 24576:uGirRl1uwgM03vpEuQxamGNhDCsbrsm9DcpmgIwy7Qx/uB5:u5F7gYshxbrsm9D17Ka5
Threatray 2'514 similar samples on MalwareBazaar
TLSH T17B3523E6E6C1150DE9432C3648D9B62A5F25ED162B0EEBC6A740AFBC367C2F3D940507
File icon (PE):PE icon
dhash icon 71e8d4d4e8717068 (1 x RaccoonStealer)
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://185.163.204.229/ https://threatfox.abuse.ch/ioc/268034/

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f6c1d3ae0e0d51c1cd99a006517c2ae0
Verdict:
Suspicious activity
Analysis date:
2021-12-08 18:17:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0942db96-be22-4cfd-bc92-487258426c1b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Raccoon
Create hunting rule
Link:
https://www.capesandbox.com/analysis/212593/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1363/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/61b0f489fa72c81b5b12100d/reports/40e8f2fd-b9e4-45dd-a870-253450fafb30/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/44acea18-b484-4e5a-bf9b-3a85a246d946
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/904106
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87/
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-12-07 10:45:56 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4km3ocj5qazrnrhagn3qm6y4mnshoq2lxqaaaaqyjtblwofz52dq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
3e820217037e312b739d6514547da6a7afd3d9e3b92dc90e6c30c35808fb5214
RaccoonStealer
51160ae1edfcf45c5e3e6e1bedc4a5bdcfc27d5e23cb08c511ecd43b816b4c08
RaccoonStealer
57127e39e8381f5008ef721023300501ff39b9018907a46a34b7e40d317d8f85
RaccoonStealer
888b7c0da59de4fb96352a4db14b1674881eea78028100bd8ffd8757f21fffdc
RaccoonStealer
c5d5a28565277162bc72399c71d38bf329be3a8e5b34140447212533c06a2be2
RaccoonStealer
c7304ff0966068d305da031f9da60c5b0ebe32ac43533d27f50190f1ba549347
RaccoonStealer
e15eca7be72dec23df207af8366166fdd6e4bc2b878477c5aaaba5e2a9b4330d
RaccoonStealer
ed9d17ee70ce16c077354f25f3c0161d52bf91ae83d48118a7902a48d88926d3
RaccoonStealer
fe3d7939166e8e6ae965d66d98f6ee5583e535b575ba194aef038c6c1ea15ae4
RaccoonStealer
+ 2'504 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:4da27d123a577c68e42716053343dd3f8da508a2 stealer
Link:
https://tria.ge/reports/211208-wqwn4sgfh4/
Behaviour
Raccoon
Unpacked files
SH256 hash:
c46d53a2fb72088f959e9a868ba3d71bcca77eccbc54a4d07b45bf809debea21
MD5 hash:
5bfb0aa0d530d0c007bf03cfd249b4a1
SHA1 hash:
1d1b65b9043f08a6ff7aabca925fd794b8fc85b9
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/61626a6f-3d54-453c-8665-7cb746e200b1/
SH256 hash:
7bf8ad4579aed438ecc59edbd1cea400bf5a9ae29a043f0a3c4a3295693e1bf6
MD5 hash:
e3b80d2fcaa3ab79a8ec6613c0a8cd76
SHA1 hash:
d5625e1ad749223e2ad9c7dd85b6881b9e5c2433
Link:
https://www.unpac.me/results/61626a6f-3d54-453c-8665-7cb746e200b1/
SH256 hash:
e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87
MD5 hash:
f6c1d3ae0e0d51c1cd99a006517c2ae0
SHA1 hash:
753fd24630eb07dfcf7b99474ba84ae77f5038f8
Link:
https://www.unpac.me/results/61626a6f-3d54-453c-8665-7cb746e200b1/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e299b7093d80/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe e299b7093d803316c4e03377067b1c636477434bbc000002184cc2bb38b9ee87

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1866439/
Cape
Cape
https://www.capesandbox.com/analysis/212593/

Comments


Avatar
zbet commented on 2021-12-08 18:07:34 UTC

url : hxxp://file-coin-data-5.com/files/8644_1638861086_6423.exe