MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 024942079cc304c42d6d4f0663ec1acfe93684a643847d137f890ed54fa60cb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 15


Intelligence 15 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 024942079cc304c42d6d4f0663ec1acfe93684a643847d137f890ed54fa60cb7
SHA3-384 hash: 1d3ac2e424b545ce49f9144d40e56a516e9cb12faa6fb96b401684e23a9a2d9db5be2d02f40aecbc20aa6df9308a6539
SHA1 hash: 602597cb8b451eb57da1ae72ca8395e3f21dace5
MD5 hash: c2b885a2a42f552fa4840667eee01e60
humanhash: monkey-georgia-glucose-magazine
File name:c2b885a2a42f552fa4840667eee01e60.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:6'557'184 bytes
First seen:2022-08-22 03:45:37 UTC
Last seen:2022-08-22 04:30:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 937ca6cd69333a6430e6daf1950bd1fe (5 x RecordBreaker)
ssdeep 196608:jrbkZdJZ9+VBbpTwf/kJ/0pRCLiIgR/APqfv:LkdJf+hcf/NCWBRq
Threatray 211 similar samples on MalwareBazaar
TLSH T1816622B3A594C0C5E8A98935C53BEDF970B3AD7DC94588BF6998BCE135330D29206C1B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 3070d0e8ecf4f9b0 (1 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://188.212.125.115/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://188.212.125.115/ https://threatfox.abuse.ch/ioc/844665/

Intelligence

File Origin
# of uploads :
2
# of downloads :
360
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
c2b885a2a42f552fa4840667eee01e60.exe
Verdict:
Malicious activity
Analysis date:
2022-08-22 03:45:57 UTC
Tags:
trojan raccoon recordbreaker loader stealer
Link:
https://app.any.run/tasks/78f4eb3b-b7c9-4b54-9b5c-1f68990047ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RaccoonV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/300116/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.61385324.21098.24575.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/29619/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed wacatac
Link:
https://www.filescan.io/uploads/6302fc44393b1c8c47026310/reports/7aeb2a49-6ddc-4a19-8588-b91ae57a9891/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/2b14b13b-ff00-489d-9196-adcdbc6ac215
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1055266
Signature
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/024942079cc304c42d6d4f0663ec1acfe93684a643847d137f890ed54fa60cb7/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-08-19 14:40:27 UTC
File Type:
PE (Exe)
Extracted files:
12
AV detection:
27 of 41 (65.85%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ajeueb44ymcmillnj4dgh3a2z7utnbfgioch2e37rehnkt5gbs3q._file
Verdict:
malicious
Similar samples:
2b363cc63cf28746e0365b3d25d22e890eec1414ffc4e16e6f078065ab1eb1a2
RecordBreaker
3427583e84dda3d92aab9f9b9050d7cfe9bcb43094acc08f02f0166f310702cc
RecordBreaker
3c1b550a3afa8207c88ee4d267c096d4be36af794174345c5989a94351f62af4
RecordBreaker
57c9630ff4575c0881314c5f31f4177249c84218642cef6c3896fbc6337c380a
RecordBreaker
6887d3d4d5baa135418c2305915c56b448960d03c427f6c63c430465ddaa6547
RecordBreaker
754d637166838352780c8e0e611a21f4886f98a82cca0c8a32bf1df3e3c35f1f
RecordBreaker
93f4ea88e5d2a00916f4c182cda835059b0b405316f340ac03b10a73057db97d
RecordBreaker
c35d4e641adf21bead54611499c416c8e2de75ac9609832d1f32c476140c38d4
RecordBreaker
db0d7b2975ad69353f3bb5b20c8c13c8ca8ab0ab9ae601b350c676a445871a1f
RecordBreaker
e7924441cf355557372d5d058eeb30341f9bb4be80f54449ea66b288d183b928
RecordBreaker
+ 201 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:cc21c891e2eed8b15aaeed13f0e28348 discovery spyware stealer
Link:
https://tria.ge/reports/220822-ebmn8adcb5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Raccoon Stealer payload
Malware Config
C2 Extraction:
http://188.212.125.115/
Unpacked files
SH256 hash:
12a4024df1b66473f05a4ca66f1e15b45dcded2a584b19136d92615798c03fe1
MD5 hash:
48f9563eae6e3ae6b93141d39f4360cc
SHA1 hash:
27a4223eeff773b866a253a6952e396021db886b
Detections:
racoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/1574d696-5d6d-4d68-9224-7857b033fda3/
SH256 hash:
024942079cc304c42d6d4f0663ec1acfe93684a643847d137f890ed54fa60cb7
MD5 hash:
c2b885a2a42f552fa4840667eee01e60
SHA1 hash:
602597cb8b451eb57da1ae72ca8395e3f21dace5
Link:
https://www.unpac.me/results/1574d696-5d6d-4d68-9224-7857b033fda3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/024942079cc304c42d6d4f0663ec1acfe93684a643847d137f890ed54fa60cb7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/300116/

Comments