MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 16


Intelligence 16 IOCs 1 YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76
SHA3-384 hash: b86cc1ec665cf1e8a3e010aa9a72dc484d0f38260e16ab52654c9b5c19e94b392a4428d18e020d1cc41a856118d323d0
SHA1 hash: e1d3d2c1e4ffc8153604d7d41a76ac3fc1322dca
MD5 hash: fcc1b1e3e5609874ff90598bc61e8562
humanhash: table-oven-idaho-july
File name:fcc1b1e3e5609874ff90598bc61e8562.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:62'464 bytes
First seen:2022-10-09 07:32:56 UTC
Last seen:2022-10-09 09:25:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c5c36a515b13d54501168b24d2b48063 (15 x RecordBreaker)
ssdeep 768:G3hBdh98zo8hUzAMgRt5O9hDtqCD+4yNdQiEw6ZjqZeS6ReUhSC:AdMzAzjavO9uG+NNdQ4MGQRhv
Threatray 715 similar samples on MalwareBazaar
TLSH T11153F885F4A36407F18344741FF42A6AC78EFF327CAC7943674F6791A2604B14B5BAA2
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://185.51.247.56/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://185.51.247.56/ https://threatfox.abuse.ch/ioc/872462/

Intelligence

File Origin
# of uploads :
2
# of downloads :
436
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RaccoonV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/318003/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.34590.3206.30970.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/42087/overview
Behaviour
MalwareBazaar
CheckMutex
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed raccoon racealer shell32.dll
Link:
https://www.filescan.io/uploads/6342792ea6822b595a50a4a4/reports/447fabe8-53fb-4319-ab4c-f45521ef67d1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ad3d62d4-ca45-45d0-9fde-ca3c454a94eb
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1086449
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Multi AV Scanner detection for submitted file
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76/
Threat name:
Win32.Trojan.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2022-10-08 19:26:45 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=foojmprbhex7alqkm6dkibsrt5ilwsr5ewsn7i7rmq4waqsl3z3a._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
15f34133a747b4493e5a5ca3ac04a6bf9823bb5841884f5cab8ccf086c8ba13e
RecordBreaker
27425ab21814acdc92665957ce92f326a46ea99131ef32df83ccaeaaa5228c20
RecordBreaker
80bf09424e359558567c85c94e70c8ee4c13d2676f4d52b694da1692c34f0f06
RecordBreaker
aa39655b046e5dff029236ee67d80d3106f2e05f11bd3ee1ebeb41d40321c988
RecordBreaker
df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee
RecordBreaker
ea902470772ae28793614f759b824e7c86e0cb23701fd282c0effd30d23c56ce
RecordBreaker
f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4
RecordBreaker
+ 705 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:bd3a3a503834ef8e836d8a99d1ecff54
Link:
https://tria.ge/reports/221009-jdhkhagef3/
Malware Config
C2 Extraction:
http://185.51.247.56/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/38265b02-8dac-4012-989e-5af3048e0f54
Unpacked files
SH256 hash:
2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76
MD5 hash:
fcc1b1e3e5609874ff90598bc61e8562
SHA1 hash:
e1d3d2c1e4ffc8153604d7d41a76ac3fc1322dca
Detections:
raccoonstealer
Create hunting rule
win_recordbreaker_auto
Create hunting rule
Link:
https://www.unpac.me/results/6db30fbe-a44c-483f-b781-4c269c30d178/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2b9c963e2139/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.52
Link:
https://yomi.yoroi.company/submissions/2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RaccoonV2
Create hunting rule
Author:@_FirehaK <yara@firehak.com>
Description:This rule detects Raccoon Stealer version 2.0 (called Recordbreaker before attribution). It has been spotted spreading through fake software cracks and keygens as far back as April 2022.
Reference:https://www.zerofox.com/blog/brief-raccoon-stealer-version-2-0/
Rule name:recordbreaker_win_generic
Create hunting rule
Author:_kphi
Rule name:win_recordbreaker_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.recordbreaker.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe 2b9c963e21392ff02e0a6786a406519f50bb4a3d25a4dfa3f1643960424bde76

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2354357/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/318003/

Comments