MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 14


Intelligence 14 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14
SHA3-384 hash: 64b7943959717be2a5e5b8ebef803ef4ea196a0738f8979d4ed8afb808db0d46bfc7d405a2075ee3a03da3d828284923
SHA1 hash: 0c7a82838392538aeb714e7638016c430ddf3153
MD5 hash: d6dba86e1d6d80116cd79f3d94ab90c3
humanhash: wolfram-orange-apart-missouri
File name:123.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:1'049'928 bytes
First seen:2022-09-20 16:51:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bf86bf762dd6c7a7a95ea8ecc5024ab9 (1 x RecordBreaker)
ssdeep 24576:qptWrkUP/1F51MfDNDC0tez56/ODIi7kR60DckhWB:Y3UH7DKpCbbki7y9hWB
Threatray 465 similar samples on MalwareBazaar
TLSH T11325AE52B5418432E4A1027096FDEB36793D6E386B2602D3F3D46E5C6D749C32A3DB8B
TrID 88.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
4.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.0% (.EXE) Win32 Executable (generic) (4505/5/1)
0.9% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 3030737c7a3a3530 (1 x RecordBreaker)
Reporter iamdeadlyz
Tags:exe RaccoonStealer recordbreaker


Avatar
Iamdeadlyz
C&C: 91.201.25.172

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://91.201.25.172/ https://threatfox.abuse.ch/ioc/850709/

Intelligence

File Origin
# of uploads :
1
# of downloads :
298
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Brief & Sketches.rar
Verdict:
Malicious activity
Analysis date:
2022-09-20 15:45:36 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0aab701e-5131-4f4c-8e8c-f8391d37074f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RaccoonV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/311777/
Result
Verdict:
Clean
Maliciousness:
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/38300/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm explorer.exe greyware keylogger overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6329f036397677696535fe98/reports/446ed148-3b64-4ee2-b146-2dfd5567a0f3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/26acf000-2974-47af-ae1f-cd766034c614
Result
Threat name:
Raccoon Stealer v2, Vidar
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1073934
Signature
C2 URLs / IPs found in malware configuration
Contains functionalty to change the wallpaper
Found many strings related to Crypto-Wallets (likely being stolen)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to detect sandboxes / dynamic malware analysis system (cursor check)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2022-09-20 16:22:37 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
11 of 26 (42.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jxiok5ronltfkodd6wkcmlukdu7uqy25d5e45v4xl7cyil5gtika._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
43b95532737d0ccc0b957d1ab3e6ba4310b4618eec3fa485736b8f0a35cb157c
RecordBreaker
6da056b3e14e136e17890c04f270ed1decbca6d67eb0f0fed914569e4fba8a92
RecordBreaker
7fa1b425c7bc7f04e84aae8b76cd1e6d1db56dab966ff273b5101816525f61c4
RecordBreaker
8129a8a2a4c77198a9a65c393cfc37f8f6ab83842a9c9f430ab1186db9cd0771
RecordBreaker
b140d23cad4bacb53d3dab6b15828129b51cbc77bb9ba0297bed5d5323b9781e
RecordBreaker
b22de3458444455c80b7d79c6d4e2b5925867930ce51ed641cc909b45297c8bb
RecordBreaker
db0d7b2975ad69353f3bb5b20c8c13c8ca8ab0ab9ae601b350c676a445871a1f
RecordBreaker
e3f6666bcc343098a21a2c52ee8a63d03c042b9dfd4cb1dfbf984c6d0e985da0
RecordBreaker
e7924441cf355557372d5d058eeb30341f9bb4be80f54449ea66b288d183b928
RecordBreaker
+ 455 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:d6192ab497dae0aa7ed4f1004c28c52c discovery spyware stealer
Link:
https://tria.ge/reports/220920-vdd3vsdhe3/
Behaviour
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Malware Config
C2 Extraction:
http://91.201.25.172/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/28be6dec-4620-4a4c-a5cd-952ca22f2593
Unpacked files
SH256 hash:
4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14
MD5 hash:
d6dba86e1d6d80116cd79f3d94ab90c3
SHA1 hash:
0c7a82838392538aeb714e7638016c430ddf3153
Link:
https://www.unpac.me/results/7d248779-6d1e-4f11-98f9-249d4b4e0070/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4dd0e5762e6a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

rar 7b0d940175c7c440f5bc5b54bf72b899fc5cef36ff62e65c2f52856e75d0b05b

RecordBreaker

Executable exe 4dd0e5762e6ae6553863f594262e8a1d3f48635d1f49ced7975fc5842fa69a14

(this sample)

  
X
https://twitter.com/Iamdeadlyz/status/1572261144395677696
  
Dropped by
SHA256 7b0d940175c7c440f5bc5b54bf72b899fc5cef36ff62e65c2f52856e75d0b05b
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/311777/
  
Dropped by
MD5 78f73bb0c5c60d2eaf56978a4d345d3e

Comments