MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97f0590c95058e7177e57e48c36da9302f5016b21da44efcfa644d016d87330b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RecordBreaker


Vendor detections: 9



SHA256 hash: 97f0590c95058e7177e57e48c36da9302f5016b21da44efcfa644d016d87330b
SHA3-384 hash: 5bb830a0eb7085878b215762e11c643f7c6e4bbaf098d7ce7c8806b8bc3c7ba0ce585e7b6928995aecd5fe39e98edb90
SHA1 hash: 7329a1a9e7c69ff0954c0622b577dee1a3275494
MD5 hash: 22928a57d7fbddb9c6e803a8fe0e643a
humanhash: high-moon-spaghetti-ack
File name: 22928a57d7fbddb9c6e803a8fe0e643a.exe
Signature: RecordBreaker
File size: 108'032 bytes
First seen: 2023-01-05 22:40:27 UTC
Last seen: 2023-01-06 00:55:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 89766042e29aed5fce63c7340618b000 (6 x RecordBreaker, 3 x RaccoonStealer)
ssdeep: 1536:d0jcjzCB6WeKjhKY/hINnAsmLps3K6iAGuSayJCPieRMRGpq5:QcjzCB6WfhK4IULps3K6RbSlCPiSE75
Threatray: 240 similar samples on MalwareBazaar
TLSH: T171B37291D8D6BC12C69100315DC7F773A72DAE392CF4E80FA2985EF07EA40657E5E982
TrID: 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
      8.5% (.ICL) Windows Icons Library (generic) (2059/9)
      8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: abuse_ch
Tags: exe recordbreaker


abuse_ch
RecordBreaker C2:
http://45.130.151.120/

Intelligence


File Origin
# of uploads: 2
# of downloads: 241
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 22928a57d7fbddb9c6e803a8fe0e643a.exe
Verdict: No threats detected
Analysis date: 2023-01-05 22:42:14 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Sending a custom TCP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Behaviour
Threat name: Win32.Trojan.Tiggre
Status: Malicious
First seen: 2023-01-03 06:51:38 UTC
File Type: PE (Exe)
AV detection: 26 of 41 (63.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Verdict: Informative
Tags: n/a
YARA: n/a

Unpacked files
SHA256 hash: 97f0590c95058e7177e57e48c36da9302f5016b21da44efcfa644d016d87330b
MD5 hash: 22928a57d7fbddb9c6e803a8fe0e643a
SHA1 hash: 7329a1a9e7c69ff0954c0622b577dee1a3275494
Malware family: RecordBreaker
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments