MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RecordBreaker


Vendor detections: 13



SHA256 hash: 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab
SHA3-384 hash: e6ab7b4fb07224b84576dfb4fbbda3762a886461cac0411fb8302e424d16173bd8e9d18ad758d1311833c70cb4189c44
SHA1 hash: 7fcfc20753c394a6d0cdf65463462581cf4cbde5
MD5 hash: 7a2bee524416775d2d9fe309502a1cc3
humanhash: venus-grey-bakerloo-glucose
File name: 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab.exe
Signature: RecordBreaker
File size: 57'856 bytes
First seen: 2022-08-10 05:12:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 94482195a14b2f0ff3fd77f07609274d (8 x RecordBreaker, 1 x RaccoonStealer)
ssdeep: 768:BfOKi+7erib7i6DcJKUU1HTbqHymKYGkXFnGeAwb2cDMaTji5w4AfY1WABS9MZmk:1ev2XW8x91WSSI15rJCvUnGlJworQ
Threatray: 151 similar samples on MalwareBazaar
TLSH: T1A443088A55C6AC23C1A244BC62CF7626CBDFED03EA15E04F37461B877BE065185193EB
TrID:
  48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: FirehaK
Tags: exe RaccoonStealer recordbreaker

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox Reference
http://193.56.146.177/   https://threatfox.abuse.ch/ioc/842162/

Intelligence


File Origin
# of uploads :
1
# of downloads :
337
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
ID:
1
File name:
494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab.exe
Verdict:
Malicious activity
Analysis date:
2022-08-10 05:15:41 UTC
Tags:
trojan raccoon recordbreaker

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Verdict:
Malicious
Result
Threat name:
Raccoon Stealer v2
Detection:
malicious
Classification:
troj
Score:
64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Raccoon
Status:
Malicious
First seen:
2022-08-10 05:13:06 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SHA256 hash:
494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab
MD5 hash:
7a2bee524416775d2d9fe309502a1cc3
SHA1 hash:
7fcfc20753c394a6d0cdf65463462581cf4cbde5
Detections:
win_recordbreaker_auto
Parent samples :
Note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

RecordBreaker

Executable exe 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab

(this sample)

Comments



Stephan (@FirehaK@infosec.exchange) commented on 2022-08-10 05:19:08 UTC

This sample is unpacked by 9ceb1e76aecc689b44fa7c4e8068ec28c3b185d1619be34586167cf662887503