MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e40b804cdb66cb7f2141d1cb0dd2933cca2cdca549e47c0e059813d51d25987a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: e40b804cdb66cb7f2141d1cb0dd2933cca2cdca549e47c0e059813d51d25987a
SHA3-384 hash: 27a09effcbff7154eb51a5fd2b2650ee84118448f21eecdbc32ea957ddabe8fba5a42a8416881b7cba54aa0ee50d5674
SHA1 hash: 367b05f59bc780999fd28b74b4939bd07dd1dc5c
MD5 hash: 7f665120f7f47e427833ba3101889215
humanhash: colorado-artist-equal-maine
File name: 7f665120f7f47e427833ba3101889215.exe
Signature: RaccoonStealer
File size: 453'632 bytes
First seen: 2020-05-20 07:17:10 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c4041c6336bd986fcc35f8583080b75f (2 x RaccoonStealer)
ssdeep: 12288:mK1mBlQ0nMf80SxmasX9f3Etv0+6QSBDJfnWwqq:ZWlehVqc4QWwp
Threatray: 319 similar samples on MalwareBazaar
TLSH: E9A41211BAE1C437C95B8A328424EBA05B7BFC215271C28B6B9517796E30FD14BF631A
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://34.105.255.170/gate/log.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Gandcrab
Status: Malicious
First seen: 2020-05-20 03:28:12 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_raccoon_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe e40b804cdb66cb7f2141d1cb0dd2933cca2cdca549e47c0e059813d51d25987a (this sample)

Delivery method: Distributed via web download
