MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 014f1095275f696acb0a246c938bfb1736c80d8e1e00536a22bfd2e490173ca3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	014f1095275f696acb0a246c938bfb1736c80d8e1e00536a22bfd2e490173ca3
SHA3-384 hash:	4c5c2b095740ff9b50eee7913d2c60a15a97968ce2409699e148bd3ea6fef70dd86c12835583721f057c9c5dafd05db9
SHA1 hash:	f62e85d3beec4ea5a84ca4dc15d0a54c2ada628a
MD5 hash:	e250f38a72f8bf5a622d122112f1c14f
humanhash:	pizza-louisiana-harry-princess
File name:	SecuriteInfo.com.Trojan.GenericKDZ.90106.4159.8841
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	234'496 bytes
First seen:	2022-07-23 20:38:22 UTC
Last seen:	2022-07-23 21:35:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	141a0a3180d3b20844cf82942ed079e7 (3 x RecordBreaker, 2 x Stop, 1 x RaccoonStealer)
ssdeep	3072:znHsgsYJUNkHmct5MYoXTovy9f721ACnAFYsxkgaBChcpZa9uD6VdyhkR:zHtrGKiY0TzV21doigafwVf
Threatray	46 similar samples on MalwareBazaar
TLSH	T1CD34BE1277A08872E0762D3058B5DAB1172BBC23AB30654BF792776E2E733D05A76353
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	c01edecea68c8ccc (154 x RedLineStealer, 98 x Smoke Loader, 36 x Stop)
Reporter	SecuriteInfoCom
Tags:	exe recordbreaker

Intelligence

File Origin

# of uploads :

# of downloads :

530

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/293733/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.90106.4159.8841.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/27225/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

CheckCmdLine

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/62dc5ce8ef2b0e63a836a2bf/reports/8d3827ec-d8be-49b5-83d6-266adbcce503/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1ec24a25-5043-4d27-abac-14448afc43e4

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1039854

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/014f1095275f696acb0a246c938bfb1736c80d8e1e00536a22bfd2e490173ca3/

Threat name:

Win32.Trojan.Pwsx

Status:

Malicious

First seen:

2022-07-23 20:39:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=afhrbfjhl5uwvsykerwjhc73c43mqdmodyafg2rcx7jojeaxhsrq._file

Verdict:

malicious

RecordBreaker

1d128ffc3927d02e3393da5e27d2557766f82df921b09d42603b08d5724e9e9a

RecordBreaker

287dc092e02a5c76b02c4142357f6a4a5c9a420430b616a1d14dfe0266875ecd

RecordBreaker

379f0a0338acd2c1cb5561c09a703659c12a64d7d6f344e554fef4e5208b495f

RecordBreaker

39f1a98ab29664ef492b052c44f6ea76148d75baaf55b7b037cc0575eb8b25d4

RecordBreaker

3e85b31ff1780031f94570fc9801b6a886564a4caa2acc360d2c65f29b22dbb5

RecordBreaker

691de13efede839b6f009ef91cd90570cc953543ff01fcb1a06f07854f06a9d5

RecordBreaker

b7cea1f983cf8ed41120e2d4a17b7fe2ec6693d2d990172568cdbbd6b9fbd319

RecordBreaker

c6d4500d19092b123a80369430e15d353a49b628e28f8f6ecab46809e8ac8938

RecordBreaker

c84144dfbfc61aeea4cbaf014690a98fe1a55d863a5d4aa7786efc30613b7fe7

RecordBreaker

+ 36 additional samples on MalwareBazaar

Gathering data

Unpacked files

SH256 hash:

86a4cff16caeed1362618aee916a2333dd8b1b066a614aa202ce31c7f87de27b

MD5 hash:

134b6536451b345629f9893be5a848e9

SHA1 hash:

57d8ffd416c9f27789c6f7f7018f9752f8d751d6

Link:

https://www.unpac.me/results/5b89ad9d-d294-4029-815d-17c5de624869/

SH256 hash:

014f1095275f696acb0a246c938bfb1736c80d8e1e00536a22bfd2e490173ca3

MD5 hash:

e250f38a72f8bf5a622d122112f1c14f

SHA1 hash:

f62e85d3beec4ea5a84ca4dc15d0a54c2ada628a

Link:

https://www.unpac.me/results/5b89ad9d-d294-4029-815d-17c5de624869/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/014f1095275f/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/014f1095275f696acb0a246c938bfb1736c80d8e1e00536a22bfd2e490173ca3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.