MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1202fc6dd5316b3532deee6847c5ef3ae472ad51fd764f64b03ebc8dc13c723. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 3 Yara 2 Comments

SHA256 hash: f1202fc6dd5316b3532deee6847c5ef3ae472ad51fd764f64b03ebc8dc13c723
SHA3-384 hash: 6b4e6b2ed890dd3ba178113985175b1f91539d60e2f3bd048d945ef3233950ec3559ed9024369ec82aa71a6bcf764da6
SHA1 hash: 8d8ed7159184b38118333b036b1548722f8e3c62
MD5 hash: 2ad5f75c513d2c04d919089da447c26c
humanhash: beer-cat-four-equal
File name:2ad5f75c513d2c04d919089da447c26c.exe
Download: download sample
Signature RaccoonStealer
File size:683'008 bytes
First seen:2020-06-30 08:48:50 UTC
Last seen:2020-06-30 09:59:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e87e827b8c35620178f7117d8d5f4bfd
ssdeep 12288:EAAkdLwt5pdLP1aj8tseL+q0Gvr8YvshmD:3J1C5sYtHP0GvrF0hmD
TLSH 5FE4021033F2D033C4EA2F315A24C7747A67BCB19768C557B7842FAAB9712E0856B768
Reporter @abuse_ch
Tags:exe RaccoonStealer


Twitter
@abuse_ch
RaccoonStealer C2:
http://35.223.217.188/gate/log.php

Intelligence


Mail intelligence No data
# of uploads 2
# of downloads 27
Origin country FR FR
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17009/
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:raccoon
Link: https://mwdb.cert.pl/sample/f1202fc6dd5316b3532deee6847c5ef3ae472ad51fd764f64b03ebc8dc13c723/
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 08:50:07 UTC
AV detection:27 of 31 (87.10%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:raccoon
Link: https://tria.ge/reports/200630-mdfljdgtb2/
Tags:ransomware stealer family:raccoon evasion spyware trojan discovery
VirusTotal:No data

Yara Signatures


Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe f1202fc6dd5316b3532deee6847c5ef3ae472ad51fd764f64b03ebc8dc13c723

(this sample)

  
Delivery method
Distributed via web download

Comments