MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc51957298f981557d270415f537221f6ed34313a7ff59982e1a1f8366f30b48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RaccoonStealer


Vendor detections: 4



SHA256 hash: fc51957298f981557d270415f537221f6ed34313a7ff59982e1a1f8366f30b48
SHA3-384 hash: 06370a39a954104074b6c8b1f606be8fab0cb5159b07739a8bffa82a7ff69f7b1685e04eea56010e31a0e0ee3db12726
SHA1 hash: 9b45b485f1380b9d997b2c1360676ba762d86a4f
MD5 hash: 070755f045ab02843947b2a1824b82b1
humanhash: zulu-purple-lactose-low
File name: 070755f045ab02843947b2a1824b82b1.exe
Signature: RaccoonStealer
File size: 581'120 bytes
First seen: 2020-05-19 06:13:39 UTC
Last seen: 2020-05-19 07:12:45 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f2b20c2b9eed08cfe5b3d0c983afb3d2 (1 x Glupteba, 1 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep: 12288:FysA/Tdq+Nj7pC0LYAxbIjfodyA3uR3S+4LY/i+BB:FyHdN7pCqYGI7owyu92LYzP
Threatray: 157 similar samples on MalwareBazaar
TLSH: A5C4E10E77EFA862F3520A304D36B6B41E3ABB519D32D1AB135419AF1B715F0862B3D1
Reporter: abuse_ch
Tags: exe RaccoonStealer


abuse_ch
RaccoonStealer C2:
http://34.105.255.170/gate/log.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-16 12:28:28 UTC
File Type: PE (Exe)
Extracted files: 70
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments