MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff2ba7a304d3bc20641fbcd1dccf30e1e56de316af53df36f64fd85b8396d145. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RaccoonStealer

Vendor detections: 12

SHA256 hash: ff2ba7a304d3bc20641fbcd1dccf30e1e56de316af53df36f64fd85b8396d145
SHA3-384 hash: afc8d67cb46c13b1092de46bb2644a6d3339c641be14b979dca81b97479e1241e221f8ef73ba651b72c8f3ff8c1dc46f
SHA1 hash: 37c46afe734fae3bd6210e383be8d83920fe8706
MD5 hash: c0fc829200efabc9b1124973f98da1f8
humanhash: nine-steak-item-robin
File name: c0fc829200efabc9b1124973f98da1f8.exe
Signature: RaccoonStealer
File size: 761'344 bytes
First seen: 2022-08-31 18:26:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 33c041c6709d4656dd03aa43c914e36b (1 x RaccoonStealer)
ssdeep: 12288:N/1tTk46QbqKYT7PCsj9wptoOgIBbh5MpUAvRfJc0dT+k9h23XBDjSPA7G:N9xn628P9j0WOgIJh5M9JcKKk9BPA7
TLSH: T145F46C22B2F58733C2721A7D8D7B5378982ABE113D38A94A3BF50D8C4E3964175353A7
TrID: 68.5% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
      27.0% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
      1.4% (.EXE) Win32 Executable Delphi generic (14182/79/4)
      1.3% (.SCR) Windows screen saver (13101/52/3)
      0.4% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: abuse_ch
Tags: exe RaccoonStealer recordbreaker

Intelligence

File Origin
# of uploads: 1
# of downloads: 338
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
  Creating synchronization primitives
  Creating a window
  Searching for synchronization primitives

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
  MalwareBazaar
  CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: greyware keylogger

Result
Verdict: UNKNOWN
Details
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: CryptOne, Raccoon Stealer v2
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour
  Behavior Graph: n/a

Threat name: Win32.Trojan.RaccoonSteal
Status: Malicious
First seen: 2022-08-31 18:27:20 UTC
File Type: PE (Exe)
Extracted files: 68
AV detection: 19 of 39 (48.72%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:afb5c633c4650f69312baef49db9dfa4 discovery spyware stealer
Behaviour
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
  Loads dropped DLL
  Reads user/profile data of web browsers
  Downloads MZ/PE file
Malware Config (Raccoon)
  C2 Extraction: http://193.56.146.177

Unpacked files
SHA256 hash: 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab
MD5 hash: 7a2bee524416775d2d9fe309502a1cc3
SHA1 hash: 7fcfc20753c394a6d0cdf65463462581cf4cbde5
Detections: win_recordbreaker_auto raccoonstealer

Parent samples
SHA256 hash: ff2ba7a304d3bc20641fbcd1dccf30e1e56de316af53df36f64fd85b8396d145
MD5 hash: c0fc829200efabc9b1124973f98da1f8
SHA1 hash: 37c46afe734fae3bd6210e383be8d83920fe8706

Please note that we are no longer able to provide a coverage score for Virus Total.

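The digests and the extracted C2 address above are the indicators a responder actually acts on: the digests to confirm that a downloaded file is this sample, the C2 host to find machines that talked to it. The following Python script is an added example, not part of the MalwareBazaar entry or of any abuse.ch tooling. It recomputes the four digests the entry lists (SHA256, SHA1, MD5, SHA3-384) for a file or byte string, reports per algorithm which ones match the entry, and flags proxy log lines that reach the extracted C2 host. The indicator values are copied from the entry; the Squid-style access log lines and the placeholder bytes in the self-test are constructed for illustration.

```python
"""Match local artefacts against the indicators listed in this MalwareBazaar entry.

Added example, not part of MalwareBazaar or the entry itself.  The digest and
C2 values are copied from the entry above; the proxy log lines and the sample
bytes used for the self-test are constructed here for illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

DIGEST_NAMES = ("sha256", "sha1", "md5", "sha3_384")

# Indicators copied from the entry above.
ENTRY_IOCS: Dict[str, str] = {
    "sha256": "ff2ba7a304d3bc20641fbcd1dccf30e1e56de316af53df36f64fd85b8396d145",
    "sha1": "37c46afe734fae3bd6210e383be8d83920fe8706",
    "md5": "c0fc829200efabc9b1124973f98da1f8",
    "sha3_384": "afc8d67cb46c13b1092de46bb2644a6d3339c641be14b979dca81b97479e1241e221f8ef73ba651b72c8f3ff8c1dc46f",
}
C2_HOSTS: Set[str] = {"193.56.146.177"}  # from "C2 Extraction" above


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the entry lists for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_NAMES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so large samples need not fit in RAM."""
    hashers = {name: hashlib.new(name) for name in DIGEST_NAMES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> Set[str]:
    """Names of the algorithms whose digest equals the entry's (case-insensitive).

    Reporting per algorithm lets the caller see whether only MD5 matched,
    which is a weaker identification than a SHA256 or SHA3-384 match.
    """
    return {
        name for name, value in digests.items()
        if name in ENTRY_IOCS and ENTRY_IOCS[name].lower() == value.lower()
    }


# Hosts are pulled both from the request URL and from any bare IPv4 token
# (for example the upstream peer field of a Squid access.log line).
URL_HOST = re.compile(r"https?://([^/:\s]+)", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_proxy_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, matched host) for every line that touches a listed C2 host.

    The word boundaries in IPV4 keep a longer address such as 193.56.146.1770
    and a near-miss such as 193.56.146.1 from matching the C2 address.
    """
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        hosts = set(URL_HOST.findall(line)) | set(IPV4.findall(line))
        for host in sorted(hosts & C2_HOSTS):
            hits.append((number, host))
    return hits


# Constructed Squid access.log excerpt (not real traffic): lines 2 and 4 reach
# the extracted C2, line 3 is a near-miss address that must not match.
SAMPLE_PROXY_LOG = """\
1661970382.120    312 10.0.0.5 TCP_MISS/200 5231 GET http://example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1661970391.004    871 10.0.0.5 TCP_MISS/200 761344 GET http://193.56.146.177/ - HIER_DIRECT/193.56.146.177 application/octet-stream
1661970402.555     40 10.0.0.7 TCP_MISS/404 412 GET http://193.56.146.1/ - HIER_DIRECT/193.56.146.1 text/html
1661970417.910    129 10.0.0.5 TCP_MISS/200 1024 POST http://193.56.146.177/ - HIER_DIRECT/193.56.146.177 text/html
""".splitlines()


def run_checks(data: bytes, log_lines: Iterable[str]) -> Dict[str, object]:
    """Bundle both checks for one artefact plus a log excerpt."""
    return {
        "hash_matches": sorted(match_hashes(hash_bytes(data))),
        "c2_hits": scan_proxy_log(log_lines),
    }


if __name__ == "__main__":
    # Constructed placeholder blob: it does not match the entry, which is why the
    # report shows an empty per-algorithm match list rather than a bare "no".
    print(run_checks(b"MZ\x90\x00 constructed placeholder, not the sample", SAMPLE_PROXY_LOG))
```

For a file pulled from the entry, call `hash_file()` on the extracted executable and pass the result to `match_hashes()`; a result containing `sha256` confirms the file is the sample described here, while a result of only `md5` should prompt a second look rather than be taken as identification. `scan_proxy_log()` accepts any iterable of lines, so it can be pointed at a real access log without loading it whole.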
File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RaccoonStealer
File type: Executable exe
SHA256: ff2ba7a304d3bc20641fbcd1dccf30e1e56de316af53df36f64fd85b8396d145 (this sample)

Delivery method
Distributed via web download

Comments