MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c1226d05d81a2f2f9ed910fff598bd00a0cb7ae43b3793735d45de1f35b838f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c1226d05d81a2f2f9ed910fff598bd00a0cb7ae43b3793735d45de1f35b838f
SHA3-384 hash: a861473770936376c3cb23a1dceba7417cd5099efc3678e2f0d181210d80b8a02cf5f626533cfe128930e1655f54a961
SHA1 hash: be54a1095975f968ad72358f65673c61619f365b
MD5 hash: 5c3d6f9a6b0f26d4ec315a5ee89e0c21
humanhash: indigo-lemon-october-wolfram
File name:5c3d6f9a6b0f26d4ec315a5ee89e0c21.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:6'537'728 bytes
First seen:2022-11-11 22:40:38 UTC
Last seen:2022-11-12 01:02:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2f285ed6f05eae8b1321ad1b364e9c75 (19 x RecordBreaker, 2 x RaccoonStealer)
ssdeep 98304:3s3bmnZ2Ae4274+GXlJVjZoIX5ool/Z9X90bBH975oGDpzE0r7M:83ynZRs7a9ZoIXCoP59qJDpzk
Threatray 995 similar samples on MalwareBazaar
TLSH T18F6623A730544085EBE98CB59437EC7130F54D3B5A80147D38D9BED33832AA9BA2797B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0d4d4f0f0f0e2a2 (1 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://93.185.166.95/

Intelligence

File Origin
# of uploads :
2
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
5c3d6f9a6b0f26d4ec315a5ee89e0c21.exe
Verdict:
Malicious activity
Analysis date:
2022-11-12 03:26:38 UTC
Tags:
trojan raccoon recordbreaker loader stealer
Link:
https://app.any.run/tasks/2ae9993f-9a94-422f-a80b-ef32d3fc258d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/332689/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63524148.13430.28167.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/636ecf8520a0b4943a8efc34/reports/e344065d-20ad-4c3e-9505-ebaf54b46f73/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/e83295a3-7c1e-4fe3-b852-adace29e09c0
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1111585
Signature
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect virtualization through RDTSC time measurements
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c1226d05d81a2f2f9ed910fff598bd00a0cb7ae43b3793735d45de1f35b838f/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-08 16:23:54 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
28 of 41 (68.29%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bqjcnuc5qgrpf6pnseh76wml2afazn5oiozxsnzv2ro6d423qohq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
27425ab21814acdc92665957ce92f326a46ea99131ef32df83ccaeaaa5228c20
RecordBreaker
6dd1973caebbffefb2df652852376397f00c6e60998620969173d3bb163bed31
RecordBreaker
754d637166838352780c8e0e611a21f4886f98a82cca0c8a32bf1df3e3c35f1f
RecordBreaker
d4169de488369dda6827795dfc9790587125fbe65a3e7ade917c2d2c52c8dd61
RecordBreaker
+ 985 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:a06579c5840e1239c3216b449a693167 discovery spyware stealer
Link:
https://tria.ge/reports/221111-2l4f2sfb4t/
Behaviour
Suspicious behavior: EnumeratesProcesses
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Malware Config
C2 Extraction:
http://93.185.166.95/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/13b0f1b0-92ec-4c74-a90e-97c3c835bcbd
Unpacked files
SH256 hash:
a2ea0c135e7a896712a2d2c2d52ab1fa59da12c4df39f2649c856d85126c66e1
MD5 hash:
62165e4187e8196fa8c63d7333f54ea4
SHA1 hash:
e14c7e15cf36f6d4ba57c506bf5d139ed2d67fac
Link:
https://www.unpac.me/results/f169d1d8-69bc-4278-81b4-3fd21af452f0/
SH256 hash:
0c1226d05d81a2f2f9ed910fff598bd00a0cb7ae43b3793735d45de1f35b838f
MD5 hash:
5c3d6f9a6b0f26d4ec315a5ee89e0c21
SHA1 hash:
be54a1095975f968ad72358f65673c61619f365b
Link:
https://www.unpac.me/results/f169d1d8-69bc-4278-81b4-3fd21af452f0/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0c1226d05d81/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c1226d05d81a2f2f9ed910fff598bd00a0cb7ae43b3793735d45de1f35b838f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/332689/

Comments