MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaccoonStealer


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d
SHA3-384 hash: e1cdbf5b49957968ad704af89fd668311add38030ed45f7e9d0a085589ff033101135b74a3dc2f5520696f9f3428fa69
SHA1 hash: a6fb35b4230ae92ae50a2f3a4e7f0ca7341e9f1c
MD5 hash: a93ee3be032ac2a200af6f5673ecc492
humanhash: december-mountain-vermont-washington
File name:a93ee3be032ac2a200af6f5673ecc492.exe
Download: download sample
Signature RaccoonStealer
Create hunting rule
File size:452'096 bytes
First seen:2021-11-20 17:40:09 UTC
Last seen:2021-11-20 19:28:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d8d57c6d7c1f3570e93e87f831cb3f7a (2 x RedLineStealer, 1 x Formbook, 1 x CMSBrute)
ssdeep 12288:C4r2vnD/TSzoIBeBji4SDnjRgXaioZionazs:C9D/TrIBqMDn9pZu
TLSH T17EA4012077A2C133E5D285341C71DA601A7B7CB25639889A37781A7E3F633D28E7A753
File icon (PE):PE icon
dhash icon fcfcb4d4d4d4d8c0 (70 x RedLineStealer, 59 x RaccoonStealer, 24 x Smoke Loader)
Reporter abuse_ch
Tags:exe RaccoonStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a93ee3be032ac2a200af6f5673ecc492.exe
Verdict:
Malicious activity
Analysis date:
2021-11-20 17:44:11 UTC
Tags:
trojan stealer raccoon loader
Link:
https://app.any.run/tasks/fd75e131-f458-4ed3-b7cb-3539a9b28567

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.31482.3483.16616.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
DNS request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lockbit packed
Link:
https://www.filescan.io/uploads/61993330d0c3a45787fb7ec9/reports/8a3b6db4-6524-4aeb-a91f-d4c1577f18c8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a43bf7b9-8ddb-4116-829d-7e9dd1b5a262
Result
Threat name:
Raccoon
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/893140
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to steal Internet Explorer form passwords
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Raccoon Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-19 13:16:08 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6edof35zbrlsrg56k6z34ymmay6bxryph2vl2kx2opstyiliuvgq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:ddf183af4241e3172885cf1b2c4c1fb4ee03d05a stealer
Link:
https://tria.ge/reports/211120-v9ez2adafr/
Behaviour
Raccoon
Unpacked files
SH256 hash:
4fd3fb38a76d5ed85d5638f74edc572ff86503ca28e6d68d6e13a5e4e54d8209
MD5 hash:
3ae7bfb6478c0bcd2c0e2f54b97f7ea0
SHA1 hash:
2cff331a8dcddb34d7e30a078ffa772c6c2ef4be
Detections:
win_raccoon_auto
Create hunting rule
Link:
https://www.unpac.me/results/77320c51-c360-4876-99d5-4456a89f74af/
Parent samples :
db4ec306ea32c01cb486566c699b9b88013beb26c2830319785bf5a4ee4735b5
bf5031c61e39f9dfb379eba03181bfc5bdc63527c25588279fc9e2684e462c11
fa30571b12211c46fc47639a9d4df6fdeacc8ea6ecffd0a3022f82ffe43d50b1
f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d
SH256 hash:
f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d
MD5 hash:
a93ee3be032ac2a200af6f5673ecc492
SHA1 hash:
a6fb35b4230ae92ae50a2f3a4e7f0ca7341e9f1c
Link:
https://www.unpac.me/results/77320c51-c360-4876-99d5-4456a89f74af/
Malware family:
Raccoon v1.7.2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f106e2efb90c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f106e2efb90c57289bbe57b3be618c063c1bc70f3eaabd2afa73e53c2168a54d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:MALWARE_Win_Raccoon
Create hunting rule
Author:ditekSHen
Description:Raccoon stealer payload
Rule name:win_raccoon_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.raccoon.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/207800/

Comments