MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebef1def6571bd1b556fa6467a818fc7c9143caad2524a91fcc891b251c8ea01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 12

SHA256 hash: ebef1def6571bd1b556fa6467a818fc7c9143caad2524a91fcc891b251c8ea01
SHA3-384 hash: 3b8d01f3be26ab8a010d069f56db2446aa4dce2d58c187f97a2bad51cfed9e684ab49eed0a4df0d0cda6620bcbbd6cf7
SHA1 hash: cb92f9df68c9420a00bf7dd7a989eadb75d10132
MD5 hash: b70b2e25e1a58e5b8a2270f750231e04
humanhash: fillet-jersey-bacon-ink
File name: file
File size: 4'694'528 bytes
First seen: 2023-04-25 14:02:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e742c24cfb407e861d818af89714e7b0
ssdeep: 98304:gNbBgmFtnNHwhUMxnqJAxQFP+KoxMDvzyEs5hhEWaChpvfXlm9P69VSig:kNHwhUMxqJAOgzxAyViWbxfXlmMgig
TLSH: T1F326334E19D982F0D5D603B8A61A5DDB23F6217F4A65CC6C3EC118827766FF2A02F463
TrID:
  56.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  11.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  9.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
  8.1% (.EXE) Win32 Executable (generic) (4505/5/1)
  3.7% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter: jstrosch
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 232
Origin country: US

Vendor Threat Intelligence
Malware family: raccoon
ID: 1
File name: https://telegra.ph/Full-Version-02-13-3
Verdict: Malicious activity
Analysis date: 2023-04-25 12:35:21 UTC
Tags: raccoon recordbreaker trojan loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Result
Malware family: n/a
Score: 5/10
Tags: n/a
MalwareBazaar
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 80 / 100
Signature
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to evade analysis by execution special instruction (VM detection)
Threat name: Win32.Spyware.Raccoonstealer
Status: Malicious
First seen: 2023-04-25 14:03:10 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 14 of 24 (58.33%)
Threat level: 2/5
Verdict: malicious
Result
Malware family: n/a
Score: 7/10
Tags: persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Unpacked files

SHA256 hash: 338664b5583e779e1d64f74e072e18372ba560351baafe4d864d2227ace837d8
MD5 hash: 1449c41ae3bd40393268213a57ca399c
SHA1 hash: 23ba56b1046717dcda716c0b20666951001870ec

SHA256 hash: 59decf3d3046310c6c3c27074498c2ada7d7ab335726887f652783dc92482781
MD5 hash: d7182a0b1540711f87ec6a6a8e61b901
SHA1 hash: cedb3d5ac659efc4b539a43893991a6bae1173bb

SHA256 hash: ebef1def6571bd1b556fa6467a818fc7c9143caad2524a91fcc891b251c8ea01
MD5 hash: b70b2e25e1a58e5b8a2270f750231e04
SHA1 hash: cb92f9df68c9420a00bf7dd7a989eadb75d10132
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe ebef1def6571bd1b556fa6467a818fc7c9143caad2524a91fcc891b251c8ea01 (this sample)

Delivery method: Distributed via web download

Comments