MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 13


Intelligence 13 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93
SHA3-384 hash: 9910fd8c1e574e53264253ff1325f839b7e7a86a47c6a4c447d5d7b3ea7f5267fd736e881c9082acb0f028bbc8331e80
SHA1 hash: b52930524c8f6807fed9e1b85e83e31c0e382748
MD5 hash: 5da5ec943227fc949d4815d01b840322
humanhash: double-echo-diet-may
File name:5da5ec943227fc949d4815d01b840322.bin
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:299'520 bytes
First seen:2023-03-19 14:51:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cf9749211bb5c4a3fd321170f5076a11 (4 x Rhadamanthys, 2 x LaplasClipper, 1 x TeamBot)
ssdeep 3072:GDo+XbLzrgfLAHRu6MKpVu0TDKH1LRA5Ib7SJhRrb:6XbLz8fsHR9MOr+HRfch
Threatray 11 similar samples on MalwareBazaar
TLSH T16F54F913F3E17C55E926CB729E2EC2E8771DF5509F49BF6D261CAA2B04B00B2C263615
TrID 37.3% (.EXE) Win64 Executable (generic) (10523/12/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
16.0% (.EXE) Win32 Executable (generic) (4505/5/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 908890d080c08800 (1 x RecordBreaker)
Reporter abuse_ch
Tags:bin exe recordbreaker

Intelligence

File Origin
# of uploads :
1
# of downloads :
262
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
5da5ec943227fc949d4815d01b840322.bin
Verdict:
Malicious activity
Analysis date:
2023-03-19 14:52:13 UTC
Tags:
raccoon recordbreaker trojan loader stealer
Link:
https://app.any.run/tasks/e8681601-d76a-482b-bc13-40a645ccd36b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/375674/
Detection(s):
Win.Packer.pkr_ce1a-9980177-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/74108/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CPUID_Instruction
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/64172195da1bbe29caf90c59/reports/f403d120-8f5d-47d4-a6eb-c01714e04fdc/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4b34f2f4-344c-4c68-b516-6ad5ad8c8b73
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1197120
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found potential ransomware demand text
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93/
Threat name:
Win32.Trojan.SmokeLoader
Create hunting rule
Status:
Malicious
First seen:
2023-03-19 14:52:08 UTC
File Type:
PE (Exe)
Extracted files:
57
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nllygs2k6rrjyjl5ihmhyrhqgapvctrsfcy3ilfaleghfeu6t6jq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
23e6ee7b25d1b4dd70cb7658550f8f6d87cb39eba9a57de83aaac4472bac28f8
RecordBreaker
52596eef822fc2232f338a67a88f8c8b8d2fecd04183301541dfd6a79266fba9
RecordBreaker
70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a
RecordBreaker
780f69204b13c16f065253cb07609c9671711a9a1695ff4afde1c6c22601863c
RecordBreaker
78535b328b16f6a83d951ee83003913feee0e167e45ccac4760c81e8217fb876
RecordBreaker
be6f2d0e8bc44799f04488d565b3550008ba754233217b3f7b3a6b92c0840caa
RecordBreaker
d64f8f88ebc713a396315b15ff8a0707a405fe67717aa74679f4a71f34a4162d
RecordBreaker
e1fd2d534eed837ebb0fb3b0f25732dadaf4bfd95de92b6c44935d624d991dab
RecordBreaker
e69312127d70accf9e2c20606b600b566507ae679e1b910341403a07eb57d881
RecordBreaker
e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a
RecordBreaker
+ 1 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:31f1dd78cfcb010a34ba4139e2e6892e stealer
Link:
https://tria.ge/reports/230319-r8qhlaah4w/
Behaviour
Program crash
Raccoon
Malware Config
C2 Extraction:
http://45.144.31.31/
http://195.133.40.111/
Unpacked files
SH256 hash:
bad51064d37028878d53da7b634bf05633b6eb7ae75900077fadf34bfba42553
MD5 hash:
44f3d82c9ddc5732d7c826d470cfef67
SHA1 hash:
03f2d9916e32637ac4f33c25fe64a5dd2024d3a9
Link:
https://www.unpac.me/results/8c4b630e-a0ed-4bbf-ac00-6f3a38be4805/
SH256 hash:
6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93
MD5 hash:
5da5ec943227fc949d4815d01b840322
SHA1 hash:
b52930524c8f6807fed9e1b85e83e31c0e382748
Link:
https://www.unpac.me/results/8c4b630e-a0ed-4bbf-ac00-6f3a38be4805/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6ad7834b4af4629c257d41d87c44f0301f514e3228b1b42ca0590c72929e9f93

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/375674/

Comments