MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd
SHA3-384 hash: 8e899e26a861cdbaf3d0224692c2b0c0ee5a0ee2017be074090aac1c39869e7ac817ee71162c3c073efd19abad5882ca
SHA1 hash: e4fe3aeabdad15c607d32763c91b3b3b5d2175d2
MD5 hash: ebcc280f50fa2595d47df988963bc9e7
humanhash: helium-rugby-stairway-maryland
File name:gpolci.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:113'152 bytes
First seen:2023-03-30 13:28:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 97d41417e1c898a9dc85fb4d98655fda (4 x RecordBreaker)
ssdeep 1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g
Threatray 27 similar samples on MalwareBazaar
TLSH T1CFB3C90D96D2B81AC354A8759243E8736B164D7CBCE95DDEADCB8E3221F64502CACFC1
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter 0xToxin
Tags:exe recordbreaker

Intelligence

File Origin
# of uploads :
1
# of downloads :
293
Origin country :
IL IL
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
https://cdn.discordapp.com/attachments/1090901267469054064/1090901393449164810/SOC021_203398011214421_REQUERIMIENTO_DE_PAGO_CERTIFICADO_-_Aviso_de_suspension_de_suministro_.rar
Verdict:
Malicious activity
Analysis date:
2023-03-30 09:33:19 UTC
Tags:
trojan rat asyncrat raccoon recordbreaker loader
Link:
https://app.any.run/tasks/aa82409a-d70f-4ecf-b1bf-e7176cd7ba75

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/378836/
Detection(s):
SecuriteInfo.com.Variant.Lazy.320590.3065.8153.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Sending a custom TCP request
Reading critical registry keys
Stealing user critical data
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/75772/overview
Behaviour
MalwareBazaar
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64258e9e8e162174987d84b0/reports/71bf66be-dd6f-4a87-b89e-f9c2f2967d2f/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ded318ce-d769-42ff-9aa1-53f5520e1dd9
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1205199
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Found potential ransomware demand text
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2023-03-30 13:29:05 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
15 of 22 (68.18%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dbhjqedus3sylhoq6coefxx776xqzsjwftazf4hitpzmjmqnql6q._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd
RecordBreaker
6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93
RecordBreaker
780f69204b13c16f065253cb07609c9671711a9a1695ff4afde1c6c22601863c
RecordBreaker
c036b74eeddde8e6777b1f7653b50fe663e208df6cdbfabcb43e5b0a2cd9fa73
RecordBreaker
d7dbd00ed7ac7cc441643b96aa96a1bc994f64ad20fe2d894f5a51b3d50ab53a
RecordBreaker
e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a
RecordBreaker
fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379
RecordBreaker
+ 17 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:89917321cca1a3103abc345737aebd1e discovery spyware stealer
Link:
https://tria.ge/reports/230330-qq8e1sec7x/
Behaviour
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Malware Config
C2 Extraction:
http://51.81.160.184/
Unpacked files
SH256 hash:
184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd
MD5 hash:
ebcc280f50fa2595d47df988963bc9e7
SHA1 hash:
e4fe3aeabdad15c607d32763c91b3b3b5d2175d2
Detections:
raccoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/d70af86d-5356-4c17-98a1-30e7b5768ea9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/184e98107496e5859dd0f09c42deffffaf0cc9362cc192f0e89bf2c4b20d82fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/378836/

Comments