MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb4422e0c84fd10d40849c19389d6cc7418d94888878f08c0791e784bc9d8436. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 3 Yara 2 Comments

SHA256 hash: fb4422e0c84fd10d40849c19389d6cc7418d94888878f08c0791e784bc9d8436
SHA3-384 hash: 215e31424cc8e71de48df7b14045d87b7005266ba49b4839e2a12d089a13b6c5695428c6817c9dc749092823991407d9
SHA1 hash: 67ee8855067eb89ce1e1819090a9c5861604661c
MD5 hash: dfc146122e77c53d9d673b3a66aa6fb7
humanhash: chicken-freddie-helium-iowa
File name:dfc146122e77c53d9d673b3a66aa6fb7.exe
Download: download sample
Signature RaccoonStealer
File size:455'168 bytes
First seen:2020-06-30 13:16:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 35ed5e7633104cdb4d705447e852368c
ssdeep 12288:wIcOOaW51mwzs7Ql4dmkEVSSlA8+qKns08sT9h9g4:wAOaqmesEl4dmVkSSBqKns0bT904
TLSH E4A4023137F2E072D4C794B0A870D6745A3B3871A676868377941A2E3E30BE19B2DB57
Reporter @abuse_ch
Tags:exe RaccoonStealer

Intelligence


Mail intelligence No data
# of uploads 1
# of downloads 30
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17205/
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:raccoon
Link: https://mwdb.cert.pl/sample/fb4422e0c84fd10d40849c19389d6cc7418d94888878f08c0791e784bc9d8436/
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 13:18:05 UTC
AV detection:26 of 31 (83.87%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:raccoon
Link: https://tria.ge/reports/200630-5pshtkxvq2/
Tags:ransomware spyware stealer family:raccoon evasion trojan discovery
VirusTotal:Virustotal results 37.68%

Yara Signatures


Rule name:win_raccoon_a0
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_raccoon_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaccoonStealer

Executable exe fb4422e0c84fd10d40849c19389d6cc7418d94888878f08c0791e784bc9d8436

(this sample)

  
Delivery method
Distributed via web download

Comments