MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 12


Intelligence 12 IOCs 1 YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b
SHA3-384 hash: d18918df277c201b7884822d5d394a3c171d03d161d299ae8a486a7df468b31762b200d955ef0145b89fe2ee91c2d541
SHA1 hash: 6790edd5f228233682a09ab0f09ec4f91b47859f
MD5 hash: f1542d07c0aa2b2727b4ebdeeabc21f4
humanhash: batman-orange-fourteen-social
File name:f1542d07c0aa2b2727b4ebdeeabc21f4
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:1'203'200 bytes
First seen:2021-10-29 14:09:45 UTC
Last seen:2021-10-29 15:22:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 835da68f7e7e29ef9a08f899d20e0925 (7 x RedLineStealer, 1 x RaccoonStealer)
ssdeep 24576:0knsnrhiMgnFimm36pd5/uYjExMAqkozpBCNtzwAb6FSGLTEZl+:RsFYFKIGaeNoVBCTzgIGXQ
Threatray 3'967 similar samples on MalwareBazaar
TLSH T197458EC6F0B3608ED7A3B0B90B0555824A470D7A6B169AF5AF35E95B11F37A1CAD3303
Reporter zbetcheckin
Tags:32 exe RaccoonStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://194.180.174.181/ https://threatfox.abuse.ch/ioc/239344/

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f1542d07c0aa2b2727b4ebdeeabc21f4
Verdict:
Malicious activity
Analysis date:
2021-10-29 14:16:48 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/d25bf441-c08c-49cf-8ff1-b5c46b50d630

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.10962.30108.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8525d8b1-7e9d-420e-be74-b90acf42e5cd
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/879325
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to steal Mail credentials (via file access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
raccoon
Create hunting rule
Link:
https://mwdb.cert.pl/sample/eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b/
Threat name:
Win32.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-10-29 12:04:21 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5k27hv7ih554kecf6itul7lr5sph4htadfhiiagfjo45bulfqqnq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
4cebb5a9492f91192a5def3c8345b217718a8223a9b845c3eec1e1eeaa8c6060
RaccoonStealer
6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0
RaccoonStealer
796cecd1c22ba9ee8ab2281253b36c7e82df4e7fc90621e6650d354202b37272
RaccoonStealer
9e05d26ca31990960ecb59a804c99db6c1b07ae9d5afc4a835f04a0aceaea75e
RaccoonStealer
9f11cb88433023075e0ad899c15354f27a9ef34e3d53aee561d391130d77ddaa
RaccoonStealer
ea35181753363a426ec2114c24bb445b642445698b5c3e419314b964ce60defb
RaccoonStealer
fd6996eab709c3ed21ef140958d9a9147902336b85b47bc896372a18e469a6fc
RaccoonStealer
+ 3'957 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:ee0dfd02c03b2b693fe376e1caabcbf5a4d23523 stealer
Link:
https://tria.ge/reports/211029-rgp3raddh9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Raccoon
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
2226ad76100f93191ae10818336b12c10b04c110f7d1c55fab338641833e54a4
MD5 hash:
c1c67be98e18e467dee9ba6091faec55
SHA1 hash:
8be6fe7fa6d9fa46d6dfb620f591e2aa6e331620
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/dbc76f2c-9181-43c4-b855-3b6a0d07b952/
SH256 hash:
eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b
MD5 hash:
f1542d07c0aa2b2727b4ebdeeabc21f4
SHA1 hash:
6790edd5f228233682a09ab0f09ec4f91b47859f
Link:
https://www.unpac.me/results/dbc76f2c-9181-43c4-b855-3b6a0d07b952/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/eab5f3d7e83f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe eab5f3d7e83f7bc51045f22745fd71ec9e7e1e60194e8400c54bb9d0d165841b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1726587/

Comments


Avatar
zbet commented on 2021-10-29 14:09:50 UTC

url : hxxp://5.181.132.165/myblog/posts/171.exe