MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04
SHA3-384 hash:	b8147b01dfc4e10a2f72cc26e76bc5458bc2f150ac4a41f6bd033d1302187f901a3bc186d52c3c6d3c8ea53c8c635a41
SHA1 hash:	6346de8a68910ffda532d3bec4fa787bca2b7805
MD5 hash:	ea4aca43d2bd6657beacbcb4fa86531e
humanhash:	kilo-helium-failed-crazy
File name:	file
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	6'594'048 bytes
First seen:	2022-10-28 13:26:06 UTC
Last seen:	2022-10-28 19:23:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b5af53b96a03972def1a5f287c0c1d5c (23 x RecordBreaker, 8 x RaccoonStealer)
ssdeep	98304:fH84nlR1uY7axigxCJLuqUF/kSC60qxF/D11rJ9QEQAors60bfQZgiMFZWk72vA:fLR1t7XmCJChsQ/BZID14dr12
TLSH	T18E66F132716832CEF9F798B5411F686826B31FB705ADBE3D249677B01A61371F102E22
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	59b764c48081f072 (3 x RecordBreaker)
Reporter	andretavare5
Tags:	exe recordbreaker

andretavare5

Sample downloaded from https://vk.com/doc733883836_657730802?hash=2gWGFkZYPOkWTJeRczXucEcn6p3upktchH5zLroaFgz&dl=G4ZTGOBYGM4DGNQ:1666963285:z8YGPAxVmoU9rMMiRgzaJj01YsOF2zkjQ3Zu1ngG1Q4&api=1&no_preview=1#giu1

Intelligence

File Origin

# of uploads :

112

# of downloads :

312

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

raccoon

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2022-10-28 13:26:36 UTC

Tags:

trojan raccoon recordbreaker

Link:

https://app.any.run/tasks/bc939992-d8ca-4f90-99d8-897794301819

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/325538/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.26057.25147.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file in the system32 subdirectories

Creating a file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/46358/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/635bd8a7736e9d884f0d751e/reports/f95495ee-58e5-4b60-9e5c-7c5f02388bff/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ae8ee8b5-c16f-439d-a377-7afdc417cf97

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1100391

Signature

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Tries to detect virtualization through RDTSC time measurements

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-10-28 14:23:46 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

17 of 24 (70.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fda63rh2t4u732mukqgnevac7vd5izae5mplx7apycrelpydxuca._file

Verdict:

malicious

Label(s):

raccoon

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221028-qp3s5sffc9/

Behaviour

Suspicious behavior: EnumeratesProcesses

Gathering data

Unpacked files

SH256 hash:

3d2fbf50ba2c220cbea82ab9eefa89d76f2295c78b75d49f05cae91416575a9c

MD5 hash:

fc2fdb0a629eb9d67996d26fbb740c80

SHA1 hash:

e8e31fbfa472a4476ce6737c1d4f0ddacbc7a107

Link:

https://www.unpac.me/results/b152a0fb-d4b7-4c71-94d6-5c551daf7c11/

SH256 hash:

28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04

MD5 hash:

ea4aca43d2bd6657beacbcb4fa86531e

SHA1 hash:

6346de8a68910ffda532d3bec4fa787bca2b7805

Link:

https://www.unpac.me/results/b152a0fb-d4b7-4c71-94d6-5c551daf7c11/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/325538/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample