MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 579787277276d3bfc4f066cedbe8c7d0e90f4d86fb38f494287884bd5f2f4453. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 14

Intelligence 14 IOCs YARA File information Comments

SHA256 hash:	579787277276d3bfc4f066cedbe8c7d0e90f4d86fb38f494287884bd5f2f4453
SHA3-384 hash:	0a23abee945236bbb2c1d03f976fad5500d5ec798544c4cdeb32d0387edab29eacbcf94e3b115ae79e64ffa1aa96e63a
SHA1 hash:	22c7de707adf4009eaed9fb8fbd71acc596fdb35
MD5 hash:	c116195e5d3b300df037df89fbf83b70
humanhash:	arizona-red-missouri-autumn
File name:	Setup.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	6'327'296 bytes
First seen:	2022-11-16 06:55:20 UTC
Last seen:	2022-11-16 08:46:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2f285ed6f05eae8b1321ad1b364e9c75 (19 x RecordBreaker, 2 x RaccoonStealer)
ssdeep	196608:cK7R9IwUVk39PzJ8Dga5ZT/mZYYIgAIWy4:pl9BkAyg024dtD
TLSH	T1E25623B3316521CEF8E78876452FADA571B30BBB8A86BCBC64557FE124216B0F211D13
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	5ab264c08081f072 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://45.15.156.120/

Intelligence

File Origin

# of uploads :

# of downloads :

210

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

raccoon

ID:

File name:

Setup.exe

Verdict:

Malicious activity

Analysis date:

2022-11-16 07:01:15 UTC

Tags:

trojan raccoon recordbreaker loader stealer

Link:

https://app.any.run/tasks/7adb8b99-83e3-4cef-b624-aa8f8c074170

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/334659/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.15126.18317.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending an HTTP POST request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6374898307c3f5e84a0162a0/reports/259dee0d-2837-46ea-9b4c-a804a51f2708/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/01712533-8c60-4016-bd20-8541aa7a72df

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1114555

Signature

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Snort IDS alert for network traffic

Tries to detect virtualization through RDTSC time measurements

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/579787277276d3bfc4f066cedbe8c7d0e90f4d86fb38f494287884bd5f2f4453/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-11-16 06:56:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=k6lyoj3so3j37rhqm3hnx2gh2duq6tmg7m4pjfbipccl2xzpirjq._file

Verdict:

malicious

Label(s):

raccoon

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:78895e6c011840533588aec93ff04720 stealer

Link:

https://tria.ge/reports/221116-hqcpcadd8x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Raccoon

Malware Config

C2 Extraction:

http://45.15.156.120/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/3de82b3e-a941-4355-981c-5f41ffe46258

Unpacked files

SH256 hash:

207e6a56d59b240e6bf158503e83bccd66da7e0d53c04d945b827b7e7c701c84

MD5 hash:

463eeee3a35e94e4b1053a13b53c8c78

SHA1 hash:

f4703fd9ce42ee321073fce32f572ada28b6cb2f

Link:

https://www.unpac.me/results/f14d4759-b1e5-4fd0-b68c-072846ef66a0/

SH256 hash:

579787277276d3bfc4f066cedbe8c7d0e90f4d86fb38f494287884bd5f2f4453

MD5 hash:

c116195e5d3b300df037df89fbf83b70

SHA1 hash:

22c7de707adf4009eaed9fb8fbd71acc596fdb35

Link:

https://www.unpac.me/results/f14d4759-b1e5-4fd0-b68c-072846ef66a0/

Malware family:

RecordBreaker

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/579787277276/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/579787277276d3bfc4f066cedbe8c7d0e90f4d86fb38f494287884bd5f2f4453

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/334659/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample