MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 15

Intelligence 15 IOCs YARA 3 File information Comments 1

SHA256 hash:	e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8
SHA3-384 hash:	ac1a0df9ea3ad8b1dde64a70d8b35a9af4a19d033d07597e9fbbaf69152e587b0096e5931490942d90acdba056d5a39c
SHA1 hash:	b8e6bbbfcff72b0e0fadc2f15504590b1c46afe9
MD5 hash:	1f0b449499b8811d74e99726d337fb91
humanhash:	freddie-mobile-seven-tennessee
File name:	1f0b449499b8811d74e99726d337fb91
Download:	download sample
Signature	RaccoonStealer Create hunting rule
File size:	629'248 bytes
First seen:	2022-01-22 14:04:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1c3e601327e38fd1865e47bf98f54632 (1 x RaccoonStealer)
ssdeep	12288:xLF9cPbIqSDV788wpGu/R2Cpe0LgoL1BH4bu5BySdKsV2J8h30y9cZNJN:Z0jYD58bGu/JU0LgovHJBywVqHy9cZPN
Threatray	5'899 similar samples on MalwareBazaar
TLSH	T119D412353B81D43AC48D06B119258FF41A7FFC7848984686F3AD3F2E6A73291A61635F
File icon (PE):
dhash icon	fcfcb4b4b4b4d9c1 (6 x RedLineStealer, 3 x Smoke Loader, 3 x Amadey)
Reporter	zbetcheckin
Tags:	32 exe RaccoonStealer

Intelligence

File Origin

# of uploads :

# of downloads :

313

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

1f0b449499b8811d74e99726d337fb91

Verdict:

Suspicious activity

Analysis date:

2022-01-22 14:10:02 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/013476ae-24e0-4a4f-8ea9-464ffdf1e08a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/221650/

Detection(s):

Win.Malware.Mikey-9917879-0

Win.Packed.Lockbit-9919158-0

Win.Malware.Generic-9936948-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5004/overview

Behaviour

MalwareBazaar

CPUID_Instruction

MeasuringTime

SystemUptime

CheckCmdLine

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware lockbit mikey mokes packed

Link:

https://www.filescan.io/uploads/61ec0ed8f81da814af9966b6/reports/4ab9084c-30d1-4655-ad78-54c1c3f31048/overview

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/88e3da26-c6ec-4144-bf99-454533a6aba8

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8/

Threat name:

Win32.Trojan.Raccoon

Status:

Malicious

First seen:

2022-01-22 14:05:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4q4pottrvkahciuj5kwikgszusa3etsgxjowa7r42qvo5jqstpma._file

Verdict:

malicious

Label(s):

raccoon

RaccoonStealer

6c07cb1892760f9bbb19d05b784d7a544e2d62e69b7ed65450a3e58bb099d05d

RaccoonStealer

6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d

RaccoonStealer

7d8de08a564f08ee20d746a2c445245b75247e772248073431fc30d16a4b9b14

RaccoonStealer

b31474d8c16181a103a6ac36d9277eb7ac5dbb7261cfa74f82adbc8b2d06d3fa

RaccoonStealer

c99134879d691e2bbbf506c3fcc992d1c7b4153c07e7f3952b80c92c944e5539

RaccoonStealer

+ 5'889 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:1bc6116182dfd33bce1052fe9bb0415968161030 stealer

Link:

https://tria.ge/reports/220122-rdbe7abfer/

Behaviour

Raccoon

Unpacked files

SH256 hash:

469bf7bfe84702c7b98818bd5ede75005fd25f08849e440276aad7ada05fc889

MD5 hash:

ae3da3b2c54fb6cd76f044651767da7f

SHA1 hash:

cc6bf63ffabd26329f50c53b28f443ce6e5da1ad

Link:

https://www.unpac.me/results/b1fbc736-9cc5-4ac3-b9b5-d34961eb5f76/

SH256 hash:

780d9cd53573610dcc6ac45a54f4b2776bd00b1417a15021fd180b2593d2261a

MD5 hash:

77a0fa2ab14420ff80d0113c49e07bea

SHA1 hash:

6f2d8d731d7f2727299e7d2a0b7520326d35e921

Detections:

win_raccoon_auto

Link:

https://www.unpac.me/results/b1fbc736-9cc5-4ac3-b9b5-d34961eb5f76/

Parent samples :

469bf7bfe84702c7b98818bd5ede75005fd25f08849e440276aad7ada05fc889
a25181f11132f02a3c25d574e5070686e984251c4558f0794eceef7469eba51a
bab55804afef5da34492f5decf8cd52733055b4101e95bed62f3680c715e241d
e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8
56612b95088f7c7e53338bdfe5e26e7ec141dab4da16ec2134220cb8e8bbaada
506ba64aa276b1f0ef41c0c39199f8bbcdc0ed45f4a213e33d2eee089b18fe03

SH256 hash:

e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8

MD5 hash:

1f0b449499b8811d74e99726d337fb91

SHA1 hash:

b8e6bbbfcff72b0e0fadc2f15504590b1c46afe9

Link:

https://www.unpac.me/results/b1fbc736-9cc5-4ac3-b9b5-d34961eb5f76/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_Raccoon Create hunting rule
Author:	ditekSHen
Description:	Raccoon stealer payload

Rule name:	win_raccoon_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

exe e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/221650/

URLhaus

https://urlhaus.abuse.ch/url/1998121/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2022-01-22 14:04:20 UTC

url : hxxp://coin-coin-file-9.com/files/9885_1642856757_1111.exe