MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RecordBreaker


Vendor detections: 14



SHA256 hash: 8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c
SHA3-384 hash: ad5852fdf4f2bc3d328896c14d31e002c17b8b17ba82da507ca130995d96c5697f066ec5bcbc52c8df61b79f1bc9cc1a
SHA1 hash: 6d11846a184b32ef8eee63774d353a0a24a5dd55
MD5 hash: 2d54c50c74f1c1517fe00cc167f199da
humanhash: cold-zulu-beryllium-two
File name: 2d54c50c74f1c1517fe00cc167f199da
Signature: RecordBreaker
File size: 220'160 bytes
First seen: 2023-09-10 14:31:59 UTC
Last seen: 2023-10-01 08:58:56 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 65a668abd4854f30a044638efbe0edbc (1 x RecordBreaker)
ssdeep: 3072:nVgIL+2JVqTZHkORrOxNf84SBlwHh5frhy3b:VgIL+2JkVmbilwzrh
Threatray: 1 similar sample on MalwareBazaar
TLSH: T16D24AD13A5E1BC67D31787704F2E9AFC7B6EB85D6E21875623081E1F19306B1DA1B322
TrID:
  59.6% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
  15.0% (.EXE) Win64 Executable (generic) (10523/12/4)
  7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.4% (.EXE) Win32 Executable (generic) (4505/5/1)
  2.9% (.ICL) Windows Icons Library (generic) (2059/9)
dhash icon: 000888c093b4a480 (1 x RecordBreaker)
Reporter: zbetcheckin
Tags: 32, 77-91-68-78, exe, recordbreaker

Intelligence

File Origin
# of uploads: 3
# of downloads: 363
Origin country: FR

Vendor Threat Intelligence

Malware family: raccoon
ID: 1
File name: 2d54c50c74f1c1517fe00cc167f199da
Verdict: Malicious activity
Analysis date: 2023-09-10 14:32:29 UTC
Tags: stealer, raccoon, recordbreaker, loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Behaviour:
  Sending a custom TCP request
  Creating synchronization primitives
  Sending an HTTP POST request
  Sending an HTTP GET request
  Creating a file
  Gathering data
Result
Verdict: MALICIOUS
Details:
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Raccoon Stealer
Verdict: Malicious
Result
Threat name: Raccoon Stealer v2
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature:
  C2 URLs / IPs found in malware configuration
  Detected unpacking (changes PE section rights)
  Detected unpacking (overwrites its own PE header)
  Found evasive API chain (may stop execution after checking mutex)
  Found malware configuration
  Machine Learning detection for sample
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for submitted file
  Tries to delay execution (extensive OutputDebugStringW loop)
  Yara detected Raccoon Stealer v2
Threat name: Win32.Spyware.Raccoonstealer
Status: Malicious
First seen: 2023-09-10 14:32:06 UTC
File Type: PE (Exe)
Extracted files: 22
AV detection: 18 of 24 (75.00%)
Threat level: 2/5
Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon, stealer
Behaviour:
  Program crash
  Raccoon
  Raccoon Stealer payload
Unpacked files:
  SHA256 hash: d981e3ed21ef6c70c23e928a767cb29cbc7807a8ff8b2eaeacf57b0ae86cc488
  MD5 hash: 68346f9b142ef905bb1a502d4e828a79
  SHA1 hash: 3c525bcbb43ea15f8313ae0cb5a4472655478433

  SHA256 hash: 8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c
  MD5 hash: 2d54c50c74f1c1517fe00cc167f199da
  SHA1 hash: 6d11846a184b32ef8eee63774d353a0a24a5dd55

Malware family: RecordBreaker
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RecordBreaker: Executable exe 8d5f481be0bb03f0e59effda0fc86a0c9a7da2fb8964f2b4d00530f24231fc7c (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2023-09-10 14:32:00 UTC

url : hxxp://77.91.68.78/lend/jfdgdfg.exe