MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5
SHA3-384 hash: 258fe5beb63dcc6092e460795a11be28b4f4540906bd3a0c6a40a3b3ca8aa2e9b9999ac7d02f3699f75aa26f2abaa73b
SHA1 hash: 5a1af69024f4206334b0a1285045013d85f0c5ed
MD5 hash: 13ea7811b0456ef5ca8b01eab1c5e7b9
humanhash: yankee-mountain-fanta-table
File name:13ea7811b0456ef5ca8b01eab1c5e7b9
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:6'599'680 bytes
First seen:2022-11-14 14:20:48 UTC
Last seen:2022-11-14 16:43:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2f285ed6f05eae8b1321ad1b364e9c75 (19 x RecordBreaker, 2 x RaccoonStealer)
ssdeep 196608:cLqcXfHfxUpgjr/iUI7NCYmqVeB88we+:MPHf7j5I7osOM
Threatray 924 similar samples on MalwareBazaar
TLSH T10666233372F55196E1E4EC328527FEE132F64E2DCEC179BED1C66AC109228D09617A87
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 64fcc4e6b298dce4 (1 x RecordBreaker)
Reporter zbetcheckin
Tags:32 exe recordbreaker

Intelligence

File Origin
# of uploads :
2
# of downloads :
244
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
13ea7811b0456ef5ca8b01eab1c5e7b9
Verdict:
No threats detected
Analysis date:
2022-11-14 14:25:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/620df3ae-0012-4364-a90c-9d4752f46f50

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/333802/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.27583.30053.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/52353/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed raccoon
Link:
https://www.filescan.io/uploads/63724ecef513af64a644ffcb/reports/cfe650bc-ad8d-4d9c-927a-ad28e931ca8c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/51f731fa-2735-4161-b696-e0d3cb36f104
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1112942
Signature
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect virtualization through RDTSC time measurements
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5/
Threat name:
Win32.Infostealer.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2022-11-14 14:21:16 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
19 of 25 (76.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3btfq2x6ecwwal4des5rv7qfl22fqwynnznbrxhz7rdeipxkosq._file
Verdict:
suspicious
Label(s):
raccoon
Create hunting rule
Similar samples:
0265914b01090e1992ecd3173fc88ebf5165c41c5268665cef951b4ef0a595b2
RecordBreaker
28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04
RecordBreaker
43b95532737d0ccc0b957d1ab3e6ba4310b4618eec3fa485736b8f0a35cb157c
RecordBreaker
6c4bfcef3dff8cb37c8fd96dc027a6df5b875e140b2b5f1f7b95764b7cae61c9
RecordBreaker
72da013062ea0fd8acf955c4517f8998fef0f6f6d467c9610f8d9b5f77169f57
RecordBreaker
81ae7aea498cdd4d50470b3dcd54088d7bce5bf5f6019b08d9d558acd190cb4d
RecordBreaker
e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59
RecordBreaker
f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f
RecordBreaker
+ 914 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:dfe1999bde762b0024dbf679051d95f6 stealer
Link:
https://tria.ge/reports/221114-rny91agd7y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Raccoon
Malware Config
C2 Extraction:
https://45.142.212.215
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d5f8ed1b-7345-4419-86b1-35780a2c8639
Unpacked files
SH256 hash:
8f4f69220c3e70bfee5d9d91b1a4be0b2864d476f737fbf43f477e67eff6fb9c
MD5 hash:
7751af50a5a9bded642ae545911b4754
SHA1 hash:
7899e5816271766b1db634ddffc3a253a9a29976
Link:
https://www.unpac.me/results/bd1aa90f-c8f9-4eb5-8c16-7859efcf416a/
SH256 hash:
06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5
MD5 hash:
13ea7811b0456ef5ca8b01eab1c5e7b9
SHA1 hash:
5a1af69024f4206334b0a1285045013d85f0c5ed
Link:
https://www.unpac.me/results/bd1aa90f-c8f9-4eb5-8c16-7859efcf416a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe 06c332c357f1056b017c1925d8d7f02af5a2c2d86b72d0c6e7cfe23221f753a5

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2410695/
Cape
Cape
https://www.capesandbox.com/analysis/333802/

Comments


Avatar
zbet commented on 2022-11-14 14:20:56 UTC

url : hxxp://77.73.134.245/lego/inberiwdbvsidt.c.exe