MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526
SHA3-384 hash:	b507d57c11bde1ea56b49e495c6edc5adf9dc4a9014378e7f6492f1cd59a299c44cc234c52f4511ac31251166560ab6d
SHA1 hash:	7b12d0062863287ae21e0c2d38feb8c1f611c4b4
MD5 hash:	07e0ad19089e6847ffc078f0d5d6606b
humanhash:	crazy-kitten-fanta-spaghetti
File name:	wallets-free.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	7'112'704 bytes
First seen:	2022-10-29 17:00:43 UTC
Last seen:	2022-10-29 18:12:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b5af53b96a03972def1a5f287c0c1d5c (23 x RecordBreaker, 8 x RaccoonStealer)
ssdeep	196608:hCvb2YDh+3FEImhWp38oJPEUCWFspvbZKAc/hHze/M5jzft3iyCP:Ivb2Y1+SImv+PEJtZwquzfpR
TLSH	T1786622D352101363C4A4F73160273FB722F2ADE6F653B87629D879D426B31A2D613A93
TrID	32.2% (.EXE) Win64 Executable (generic) (10523/12/4) 20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 13.7% (.EXE) Win32 Executable (generic) (4505/5/1) 6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	f0e8c48edcece070 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://193.233.48.6/

Intelligence

File Origin

# of uploads :

# of downloads :

254

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

wallets-free.exe

Verdict:

No threats detected

Analysis date:

2022-10-29 17:02:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f932a467-ce00-41e6-9037-937d4f9f0f54

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RaccoonV2

Link:

https://www.capesandbox.com/analysis/325915/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.18908.16469.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/46653/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/635d5c4f736e9d884f0d8e6d/reports/4fc2c6ed-73e4-437f-b9f7-4135d9ed7a7f/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/ab40a510-aa1d-437a-ab68-9115f7bf7017

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1100984

Signature

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526/

Threat name:

Win32.Packed.Generic

Status:

Suspicious

First seen:

2022-10-29 17:01:18 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

1/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tbuzqtdwf6b5en6qkcbknpfk62aohcfhzgxrm7r6faefcrmzmuta._file

Verdict:

suspicious

Label(s):

raccoon

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:ac1f7cc7f8f2bd7aa49eae057eecab96 stealer

Link:

https://tria.ge/reports/221029-vjh9rsfcb8/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

Raccoon

Malware Config

C2 Extraction:

http://193.233.48.6/

Unpacked files

SH256 hash:

b3f4864163a4e3978eae7e4c677189dfe6dab0cdb4ced62dd020c39cb765566b

MD5 hash:

2ae570d5d6f848a8b405f04edb5ed711

SHA1 hash:

ecf2c0afe8744c811dd627a67e0678dfaf8734e3

Detections:

raccoonstealer

Link:

https://www.unpac.me/results/a1b71b6b-a341-4e33-9e7b-e445238b8e48/

SH256 hash:

9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526

MD5 hash:

07e0ad19089e6847ffc078f0d5d6606b

SHA1 hash:

7b12d0062863287ae21e0c2d38feb8c1f611c4b4

Link:

https://www.unpac.me/results/a1b71b6b-a341-4e33-9e7b-e445238b8e48/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9869984c762f83d237d05082a6bcaaf680e388a7c9af167e3e28085145996526

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/325915/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample