MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730
SHA3-384 hash:	9256eba8bac785b5b406bfba1046165bbd6e090e2ac82c1a93c86303c889e66c3a552d672fcfbbb6185747e8ca2310a4
SHA1 hash:	5572505f05faf60bdab0fc302eaddc23868021ec
MD5 hash:	5f341e1eb8d7978a78a905b53aebc729
humanhash:	quiet-hotel-mexico-bluebird
File name:	5f341e1eb8d7978a78a905b53aebc729.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	14'011'392 bytes
First seen:	2023-03-08 00:01:01 UTC
Last seen:	2023-03-08 01:28:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	16cf5db3878b2dcf0f97ac9d337625cb (9 x RecordBreaker)
ssdeep	393216:xKWt3zJ/tZ8kMgQLlwsvNbsJOlCwDMXYc16uv5ub238NXifm:xjtJ1u6EycsOlCm0/16u+00S
Threatray	675 similar samples on MalwareBazaar
TLSH	T1A5E6332E36700146D8D18935BC276F9837F617E61D13FB3FEAC23EC3A9256606941D8A
TrID	37.3% (.EXE) Win64 Executable (generic) (10523/12/4) 17.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 16.0% (.EXE) Win32 Executable (generic) (4505/5/1) 7.3% (.ICL) Windows Icons Library (generic) (2059/9) 7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	b2aeac8e8eaab28a (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://83.217.11.31/

Intelligence

File Origin

# of uploads :

# of downloads :

301

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

raccoon

ID:

File name:

5f341e1eb8d7978a78a905b53aebc729.exe

Verdict:

Malicious activity

Analysis date:

2023-03-08 00:02:58 UTC

Tags:

raccoon recordbreaker trojan loader stealer

Link:

https://app.any.run/tasks/6c8debd3-4bb6-4b60-8cfa-450b6357d5bb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.1498.20987.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed raccoon raccoonstealer racealer

Link:

https://www.filescan.io/uploads/6407d04467ca02bce170cc66/reports/1774ca4f-defe-4a9a-b77c-6fd9ff6591b2/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d145d281-1aa9-4dd6-8b35-81a668329e1d

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

rans.troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1189092

Signature

Antivirus detection for dropped file

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Found potential ransomware demand text

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Snort IDS alert for network traffic

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730/

Threat name:

Win32.Spyware.Raccoonstealer

Status:

Malicious

First seen:

2023-03-05 07:15:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

15 of 39 (38.46%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=m7oqe2gltmjck5dcszrps73nk374vdt5i6htrpqudlaccmlqq4ya._file

Verdict:

suspicious

RecordBreaker

1a410b868da14ae4cbc2cbc68870ffcdc8a060aca06ee3b09bd356b9d27c814b

RecordBreaker

23941746340e89fb699e4ecec106fbfd40186fc5b483bf72d82d5d5a2706863f

RecordBreaker

3427583e84dda3d92aab9f9b9050d7cfe9bcb43094acc08f02f0166f310702cc

RecordBreaker

3e75d91d07dce3cbf0f867ea91d5ac804eb371afa2b327b862f3c5324b694e46

RecordBreaker

45aebea9d7e8dfe9d950cc6cf90b5c6e023bd90ef810d8dfde5c9462c642617a

RecordBreaker

51e0e7e4fe62c83990f3f6d6e276f8bed4fd4a0cb8c50eb69fff6d57368e7d11

RecordBreaker

85e9c2683e21ac4ede85dd17040a376b59e2ec1e1064a9930e269413c11abfb8

RecordBreaker

aba02213b0f3c686aa3b4a32104cc1b95748ff3ec926d3030cfb5b88a9b930db

RecordBreaker

c3ac86b3dfaed540a466f230e12c3f12c56e10755b6d5d195001ca5523d80fa4

RecordBreaker

+ 665 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/230308-aax2cacd31/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

Unpacked files

SH256 hash:

67cf3729240e4e65378dd40ca867c77fa74e7ee3f86fa99032cd6dbf1efe8ff2

MD5 hash:

41bc0efd128d651017cb011d10de9d63

SHA1 hash:

30aa8e7a49c168c37c9d647b7639c2d6471c33af

Link:

https://www.unpac.me/results/4343cfac-484d-4334-a940-285534f802a1/

SH256 hash:

67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730

MD5 hash:

5f341e1eb8d7978a78a905b53aebc729

SHA1 hash:

5572505f05faf60bdab0fc302eaddc23868021ec

Link:

https://www.unpac.me/results/4343cfac-484d-4334-a940-285534f802a1/

Malware family:

RecordBreaker

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/67dd0268cb9b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample