MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e712a2411eda56792ddf7f45f19ed01e5a77ceaa5f08942b2e8cfd3d07cd7158. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: e712a2411eda56792ddf7f45f19ed01e5a77ceaa5f08942b2e8cfd3d07cd7158
SHA3-384 hash: 5298b39ea6928bdde7b38c79cda57214545c9bbb5c98bf026f825543c8645ad42bba9eefc523ec0ee5075c5a52b1e049
SHA1 hash: 83896c0ce5b0c37ebe9e5d0707ba3fbf28ae02ce
MD5 hash: 13a9cfd3cd6779bd123789409cfac0fc
humanhash: yellow-jersey-october-maine
File name: 13a9cfd3cd6779bd123789409cfac0fc.exe
Signature: RaccoonStealer
File size: 602'624 bytes
First seen: 2020-06-30 06:25:21 UTC
Last seen: 2020-06-30 07:01:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 568bff351ee7e99ef7cf7a9adda85cab (3 x RaccoonStealer)
ssdeep: 12288:Pppr4cDxvURaqvRng+QR0npX/P+riSVGpO1RTpU0oSEf7pVKk/MBO3ZXtyJyIqJp:vrrDl/qvS+QanpX/HWk2B0OyIqJjl
TLSH: 6BD40141B383E07AF4772670B96CE6B1466E7C721B2504CBF7953A3FAE722D05A29311
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://35.223.217.188/gate/log.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-30 06:27:04 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: raccoon
Score: 10/10
Tags: ransomware spyware stealer family:raccoon evasion trojan discovery

Behaviour
Delays execution with timeout.exe
Checks processor information in registry
Suspicious use of WriteProcessMemory
Checks for installed software on the system
Legitimate hosting services abused for malware hosting/C2
Modifies system certificate store
Reads user/profile data of web browsers
Loads dropped DLL
Reads user/profile data of local email clients
Executes dropped EXE
Raccoon
Raccoon log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RaccoonStealer
Executable exe e712a2411eda56792ddf7f45f19ed01e5a77ceaa5f08942b2e8cfd3d07cd7158 (this sample)

Delivery method: Distributed via web download
