MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798
SHA3-384 hash: be1c1222ae40e1a9ee291e2ee606c4d4f81afd6d76d01651cabbf97ca357d0126045693200301081f59f40c7bd7ce4e8
SHA1 hash: cd45d2f073c6fc3c232605f8c1bc02759a2a2ed0
MD5 hash: a92b642fe1a1d8f98152f0d95affc079
humanhash: wyoming-east-low-jig
File name:file
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:148'480 bytes
First seen:2022-12-23 11:11:36 UTC
Last seen:2022-12-26 07:52:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f171bb6c6f6b1d6d32649a265a2ed44a (9 x RedLineStealer, 1 x RecordBreaker)
ssdeep 3072:Ff4lB9JN6cNv5r8B/AgDkIZObemgrAPPISVaMficxnn69qcTtQpO6hB:KXZr8BIUkYOb7AAZVy4n6YgQ5
Threatray 168 similar samples on MalwareBazaar
TLSH T1C3E39E0BBED05661C24EC2FEEC1120B1A52A227253AD8C558F8893C6FD347CE655DBE7
TrID 40.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
12.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.0% (.EXE) Win32 Executable (generic) (4505/5/1)
5.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter andretavare5
Tags:exe recordbreaker


Avatar
andretavare5
Sample downloaded from https://vk.com/doc151547528_652783413?hash=ejz8DLEvHIyy1CrS4WCYdzIn6KWOImfnBgTvQHzhrYT&dl=GE2TCNJUG42TEOA:1671793007:ZYZbetElNKvvRsJTvU6xxD61wGhMPFqCFjkZZbeNEWD&api=1&no_preview=1#noname15

Intelligence

File Origin
# of uploads :
1'994
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-12-23 11:14:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8b5853ed-b5a7-40c8-ac50-a7d5042408cd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Variant.Fragtor.182081.5808.9318.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Searching for synchronization primitives
Сreating synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Creating a file
Reading critical registry keys
Sending a custom TCP request
Stealing user critical data
Unauthorized injection to a system process
Sending an HTTP POST request to an infection source
Sending an HTTP GET request to an infection source
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug anti-vm packed
Link:
https://www.filescan.io/uploads/63a58d06a3551bef0b7b687e/reports/dfe3a615-0b99-485a-81a9-54bd5f17a3a8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/545209ec-a2e5-4e72-8156-2370b2521b64
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1139978
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
DLL side loading technique detected
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798/
Threat name:
Win32.Trojan.Recordbreaker
Create hunting rule
Status:
Malicious
First seen:
2022-12-23 11:12:08 UTC
File Type:
PE (Exe)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=guegotty4jnc5ycx5htgprzvcu3h2rjyrkop3izvrmpom2glc6ma._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
1873e78bd7364486ab4b563ca9c58ec76cb75c4acfa48b261d78d85a537c749a
RecordBreaker
260d69ea7e9147cacca89536dc28598a00707c37c568c610d119faa532ac0a8d
RecordBreaker
93cb7dd5d6bfd3d1d2d14b2f9bc1dbc57666343bfd42f289525e0999987c2d7e
RecordBreaker
aa4185102f68d05e1dc41d46e7b65cfb4a12e1f8694b7300264a6044a51f6931
RecordBreaker
ac85235ed7905d82b2cb1571448089b9387f49a2b41091b163fbdde30b0925a8
RecordBreaker
c7e8c1f9dccbb6994c09588f04ec4ebf8db2ab30b3ca1a7951b847475b0e16dd
RecordBreaker
cf1fc3ceacce58e1348ab0335a3b01ccbd0a7b4eb7ee33589eb2f5998d915340
RecordBreaker
d3ebf5179cfeee390848119eac91057385b6746835b80093f47637cb83895b42
RecordBreaker
d8f770f30f9183c128d62fd61e50b2a65d2afbcbbb68d8804803b220d81ef053
RecordBreaker
+ 158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/221223-navswagd46/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Loads dropped DLL
Downloads MZ/PE file
Unpacked files
SH256 hash:
11cc4b4d8d4d79ddf72ef244ed8634bb666865d2cad7de8e23a33825fffb52a0
MD5 hash:
e8f6f714bb57444964b2c9244835ccaf
SHA1 hash:
c26f31eacd0ad5eb07aa8956e4a0f9c599732831
Link:
https://www.unpac.me/results/b35cabe9-c664-4dc0-a1a1-d946f3e3956d/
SH256 hash:
3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798
MD5 hash:
a92b642fe1a1d8f98152f0d95affc079
SHA1 hash:
cd45d2f073c6fc3c232605f8c1bc02759a2a2ed0
Link:
https://www.unpac.me/results/b35cabe9-c664-4dc0-a1a1-d946f3e3956d/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3508674e78e2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3508674e78e25a2ee057e9e667c73515367d45388a9cfda3358b1ee668cb1798

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by

Comments