MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee9634a80a4ae316b85a7178f0cfd96bf288ae5f8f73d86945b10d4f7addcf14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: ee9634a80a4ae316b85a7178f0cfd96bf288ae5f8f73d86945b10d4f7addcf14
SHA3-384 hash: a1692a118767d09621eb406ca9e2c79d8f0253cb001a390385a0a5378cf3c8146f9a070232635e72fefc3dc931fa2c68
SHA1 hash: 1fee647481504a64f1b01e54ab30ae0066fb6d3b
MD5 hash: 01a2e588ab917eae781680da068447c2
humanhash: fruit-iowa-single-skylark
File name: SecuriteInfo.com.BehavesLike.Win32.VBObfus.gc.27864
Signature: RaccoonStealer
File size: 411'648 bytes
First seen: 2020-05-20 17:04:21 UTC
Last seen: 2020-05-20 17:45:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 574f1a29cf5fda787782d5867fca11d2 (2 x Gozi, 2 x RaccoonStealer)
ssdeep: 12288:qUodvx1R0SsqbxL9+J2OiFuipSmFUiKdG:BIvxoOxL9+J2IikiKd
Threatray: 158 similar samples on MalwareBazaar
TLSH: 08941201FBE59036C257CA3205B1E6B0972F7C1826308B5F3F9557166FB47E2A2E9386
Reporter: SecuriteInfoCom
Tags: RaccoonStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Gandcrab
Status: Malicious
First seen: 2020-05-20 14:43:32 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe ee9634a80a4ae316b85a7178f0cfd96bf288ae5f8f73d86945b10d4f7addcf14 (this sample)

Delivery method: Distributed via web download
