MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7200b2bff4458f2b4f3e1051bedb00f952c1e00e4dc8f8df8a72b6640a90e943. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RecordBreaker


Vendor detections: 6



SHA256 hash: 7200b2bff4458f2b4f3e1051bedb00f952c1e00e4dc8f8df8a72b6640a90e943
SHA3-384 hash: 4460b172a297f628a28de624ccf66eceac039b3a5ffdb87df66b9ccec6675393ec78f357b4ccbb30016b496cfa478ba7
SHA1 hash: 43a005efc1f5d4ccf28e5c0aef8a5066f0de0017
MD5 hash: e0baf2aebe3b832acb45f2d48b6bdf3a
humanhash: jig-paris-three-bravo
File name: e0baf2aebe3b832acb45f2d48b6bdf3a
Signature: RecordBreaker
File size: 2'451'600 bytes
First seen: 2022-07-14 07:02:31 UTC
Last seen: 2022-07-15 02:40:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2bd4b8620ae035f6bf279b34fa17fcf7 (23 x RedLineStealer, 2 x Formbook, 1 x RecordBreaker)
ssdeep: 24576:FNgdrTYQYD4KWtQMpIkKI5aRsVdal5LPB0iABrl3RuQ55313C:FNgik4sVdal5Gl3U
TLSH: T180B5F9036A8B0D75DDD23BB461CB633AA734FE30CA2A9B7FB608C53559532C56C1A742
TrID:
  33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: zbetcheckin
Tags: 32 exe recordbreaker

Intelligence


File Origin
# of uploads: 3
# of downloads: 161
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Launching a process
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug overlay packed spyeye

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100

Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2022-07-10 17:40:56 UTC
File Type: PE (Exe)
AV detection: 23 of 26 (88.46%)
Threat level: 5/5

Gathering data

Unpacked files
SHA256 hash: e7de3e08b853fc9b633899543cfa9160c4a98ef07aa49819dad871f56c49320e
MD5 hash: 90ef180b02f3c8a2ae527ce0428601a1
SHA1 hash: 2429d37543aedba3806fa9f075722e1843c3ac25

SHA256 hash: 7200b2bff4458f2b4f3e1051bedb00f952c1e00e4dc8f8df8a72b6640a90e943
MD5 hash: e0baf2aebe3b832acb45f2d48b6bdf3a
SHA1 hash: 43a005efc1f5d4ccf28e5c0aef8a5066f0de0017

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

RecordBreaker: Executable exe 7200b2bff4458f2b4f3e1051bedb00f952c1e00e4dc8f8df8a72b6640a90e943 (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2022-07-14 07:02:35 UTC

url : hxxp://78.153.130.139/WYjQFJ1.exe
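The entry gives two kinds of indicators a responder would actually hunt with: the MD5/SHA1/SHA256 digests of the packed sample and of its unpacked payload (from the Intelligence section above), and the defanged download URL in the comment. The script below is an added example and is not MalwareBazaar's or the reporter's code; it only copies the digests and the URL from this page. It refangs the URL so it can be searched in proxy or DNS logs (and defangs it again for sharing), hashes an artefact and checks it against the entry's IOC set, and emits a hash-based YARA rule using the YARA `hash` module. The function names and the sample bytes at the bottom are constructed for illustration and do not correspond to the real file.

```python
"""Triage helpers for the IOCs listed on this MalwareBazaar entry.

Added example, not MalwareBazaar's own code. The digests and the defanged
URL are copied from the entry; the sample bytes in the demo are constructed.
"""
import hashlib
import re

# Indicators copied from the entry: the sample as distributed and the
# payload that the sandbox reported after unpacking it.
KNOWN_HASHES = {
    "7200b2bff4458f2b4f3e1051bedb00f952c1e00e4dc8f8df8a72b6640a90e943": "packed sample (as distributed)",
    "43a005efc1f5d4ccf28e5c0aef8a5066f0de0017": "packed sample (as distributed)",
    "e0baf2aebe3b832acb45f2d48b6bdf3a": "packed sample (as distributed)",
    "e7de3e08b853fc9b633899543cfa9160c4a98ef07aa49819dad871f56c49320e": "unpacked payload",
    "2429d37543aedba3806fa9f075722e1843c3ac25": "unpacked payload",
    "90ef180b02f3c8a2ae527ce0428601a1": "unpacked payload",
}

DEFANGED_URL = "hxxp://78.153.130.139/WYjQFJ1.exe"  # from the comment on the entry


def refang(ioc: str) -> str:
    """Undo the usual defanging conventions (hxxp, [.], (.), [:]) so the
    indicator can be matched against real proxy/DNS log lines."""
    out = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), ioc, flags=re.I)
    return out.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def defang(url: str) -> str:
    """Defang a URL for safe sharing: hxxp scheme and [.] in the host part only."""
    scheme, sep, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + sep + host.replace(".", "[.]") + slash + path


def digests(data: bytes) -> dict:
    """All digests the entry publishes for a file, keyed by algorithm name."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def lookup_digest(hexdigest: str):
    """Label for a digest from the entry's IOC set, or None if it is unknown."""
    return KNOWN_HASHES.get(hexdigest.strip().lower())


def match_known(data: bytes):
    """Return (algorithm, label) for the first digest of `data` that hits the
    entry's IOC set, or None when the bytes are not one of the listed files."""
    for algo, hexd in digests(data).items():
        label = lookup_digest(hexd)
        if label:
            return algo, label
    return None


def yara_hash_rule(name: str = "MalwareBazaar_RecordBreaker_7200b2bf") -> str:
    """Emit a YARA rule that matches either listed file by SHA256.
    hash.sha256(offset, size) is the YARA hash module's API; filesize is a
    YARA built-in, so the hash covers the whole scanned file."""
    sha256s = sorted(h for h in KNOWN_HASHES if len(h) == 64)
    conds = " or\n        ".join(f'hash.sha256(0, filesize) == "{h}"' for h in sha256s)
    return (
        'import "hash"\n\n'
        f"rule {name}\n{{\n"
        "    meta:\n        source = \"MalwareBazaar\"\n"
        f"    condition:\n        {conds}\n}}\n"
    )


if __name__ == "__main__":
    # Constructed stand-in for an artefact pulled off a host; not the real sample.
    sample = b"MZ" + b"\x00" * 62 + b"constructed test bytes, not the real sample"
    print("sha256 of artefact:", digests(sample)["sha256"])
    print("IOC match:", match_known(sample))
    print("search term for proxy logs:", refang(DEFANGED_URL))
    print(yara_hash_rule())
```

Hash IOCs only catch byte-identical copies; the imphash cluster on the entry (shared with RedLineStealer samples) and the sandbox tags are what you would pivot on for related packers, not these exact digests.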