MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 15

Intelligence 15 IOCs YARA 1 File information Comments

SHA256 hash:	28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a
SHA3-384 hash:	112e4de09446d1b662df32fdbcd177e21998fc402eccc77bc007dc017032ef3fa20ba746100571e32dc197904f8383df
SHA1 hash:	e30bdda770c6f13a370f4858299b064b9dc58fac
MD5 hash:	95f70460434d32448cfb8e78e77edb14
humanhash:	missouri-washington-floor-georgia
File name:	95f70460434d32448cfb8e78e77edb14.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	279'552 bytes
First seen:	2024-01-15 07:45:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1d53e2bb204b1531bc66fb5a5f6443a4 (1 x Glupteba, 1 x CoinMiner, 1 x RecordBreaker)
ssdeep	3072:yRxm2/NDzdE3AlymGqo8bMufXYcNEFyxWvdOD5oF1KDsBTgn:yRxd/NDzmMymFBbMuDeFyxSpPUsBT
TLSH	T15054F743B2E13D42ED264B729E3ED6F8768DF6558E893769212B9F1B0BB0072D163710
TrID	34.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19) 25.1% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9) 18.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 6.3% (.EXE) Win64 Executable (generic) (10523/12/4) 3.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):
dhash icon	0008100804020000 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://185.16.39.253/

Intelligence

File Origin

# of uploads :

# of downloads :

394

Origin country :

Vendor Threat Intelligence

Detection:

Raccoon

Link:

https://www.capesandbox.com/analysis/470881/

Detection(s):

Win.Packer.pkr_ce1a-9980177-0

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

azorult glupteba mokes packed

Link:

https://www.filescan.io/uploads/65a4e2bc8369fab94dee4890/reports/0f2ceae9-316b-4f0e-a27b-48cacc392aa7/overview

Verdict:

Malicious

Labled as:

Mint.Zard.Generic

Link:

https://www.hybrid-analysis.com/sample/28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Raccoon Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5012c06d-36e8-4959-842b-801bb94daaa9

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1374639

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to delay execution (extensive OutputDebugStringW loop)

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a/

Threat name:

Win32.Spyware.Raccoonstealer

Status:

Malicious

First seen:

2023-12-20 16:34:12 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 24 (91.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fcqi7lvn44ru5snq46fxqdaxq4jxlaledrl663uardjrjnchouna._file

Verdict:

malicious

Label(s):

raccoon

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:afed87781b48070c555e77a16d871208 stealer

Link:

https://tria.ge/reports/240115-jly78abhhn/

Behaviour

Program crash

Raccoon

Raccoon Stealer V2 payload

Malware Config

C2 Extraction:

http://185.16.39.253:80/

Unpacked files

SH256 hash:

aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9

MD5 hash:

7fbe056c414472cc2fcc6362bb66d212

SHA1 hash:

0df63fe311154434f7d14aae2f29f47a6222b053

Detections:

win_recordbreaker_auto

INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

MALWARE_Win_RaccoonV2

Link:

https://www.unpac.me/results/3cea9f81-133e-418c-9e97-36941e69e345/

Parent samples :

28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a
aa1b0b2f6f06f622abf2128ecafed1929682221c5ff4dd2426f16b9ae272fdf9

SH256 hash:

28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a

MD5 hash:

95f70460434d32448cfb8e78e77edb14

SHA1 hash:

e30bdda770c6f13a370f4858299b064b9dc58fac

Link:

https://www.unpac.me/results/3cea9f81-133e-418c-9e97-36941e69e345/

Malware family:

RecordBreaker

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/28a08faeade7/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/28a08faeade7234ec9b0e78b780c1787137581641c57ef6e8088d314b447751a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.