MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138
SHA3-384 hash: d835ea99c9f9bcf7b3cc921c0a483775899d649e0e77e8e35d2fce6d365bd7e56b596907b5e4a10a8218f2436418a48b
SHA1 hash: 51feb0e0fa4c3af0aae58cfbc287883a5334d959
MD5 hash: fb4de4de282e85e4211463726abe4f6c
humanhash: football-south-illinois-football
File name:fb4de4de282e85e4211463726abe4f6c
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:7'505'920 bytes
First seen:2022-07-29 07:04:32 UTC
Last seen:2022-07-29 07:46:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0901266657d602fff9c7d9a865574642 (16 x RecordBreaker, 2 x RaccoonStealer)
ssdeep 196608:e5WsyDH7NsErjlmGP2Fi7PXoADZHCluotc3Er2cMdSsP:e5Wsy3aErjlm0FPoOZiluotw
TLSH T189762367185C01C9F4B88872EC33FEF935F5266A428164B9AAFA9BD36051352C70FE17
TrID 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.1% (.EXE) OS/2 Executable (generic) (2029/13)
9.0% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon f8ccccfcbef8793d (4 x RecordBreaker)
Reporter zbetcheckin
Tags:32 exe recordbreaker

Intelligence

File Origin
# of uploads :
2
# of downloads :
348
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/295032/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.33625.17806.30113.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/27721/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62e3d0706336465f2af37e8c/reports/e1847f9f-2a96-4ada-9ece-5ed3297ce22e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/383323a0-b9aa-4007-8fae-4126d6a319b4
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1042920
Signature
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-07-26 19:35:09 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
24 of 39 (61.54%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j3dj22qys5g7mncdmobhzz33xhs65zn7kcbpofuy6e2mshe2me4a._file
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:2bfe180c15fb8ce84892a4761fb0f01b stealer
Link:
https://tria.ge/reports/220729-hwhsjsfhej/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Raccoon
Raccoon Stealer payload
Malware Config
C2 Extraction:
http://206.188.197.116/
Unpacked files
SH256 hash:
2ee1c7e9ea29ffaa0d57cf54631c836059bd0f66eb29cbdf629491804c316d17
MD5 hash:
b5f930abb1f44131643ce9582e9895bf
SHA1 hash:
4893d751449fb939518e92b96a31db2de96660ef
Link:
https://www.unpac.me/results/50ce6b50-97cb-488f-a1d9-15e4661478c0/
SH256 hash:
4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138
MD5 hash:
fb4de4de282e85e4211463726abe4f6c
SHA1 hash:
51feb0e0fa4c3af0aae58cfbc287883a5334d959
Link:
https://www.unpac.me/results/50ce6b50-97cb-488f-a1d9-15e4661478c0/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4ec69d6a1897/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe 4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/295032/

Comments


Avatar
zbet commented on 2022-07-29 07:04:36 UTC

url : hxxp://a0699540.xsph.ru/2.0.0-beta2.exe