MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7
SHA3-384 hash: a47bedb17da516e0f06df8712b1c2491b23aaaf9ce66d457c3d8cf4f3dd987b312c3ebf60affaeec968a74f4cad8e4ad
SHA1 hash: a3c706e73d278d6124c70d8cd0392f6c47f2205f
MD5 hash: 065a30af4b949ed07c5c1761c7426f79
humanhash: hydrogen-network-double-autumn
File name:065a30af4b949ed07c5c1761c7426f79
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:7'271'936 bytes
First seen:2022-07-16 16:02:37 UTC
Last seen:2022-07-16 16:31:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0901266657d602fff9c7d9a865574642 (16 x RecordBreaker, 2 x RaccoonStealer)
ssdeep 196608:pnCKHQ3wPpZyJwrxIQWT//Q877vNXbycOMeJc:9pQCpZKwrijL7NX+cOC
TLSH T10F7612221391D05DC0BCE875C0A7E8E42CF7921A6971297C6E5A9BB23477FA3910FC5E
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon f4968e32b38e96dc (1 x RecordBreaker)
Reporter zbetcheckin
Tags:32 exe recordbreaker

Intelligence

File Origin
# of uploads :
2
# of downloads :
377
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/291239/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.33625.22532.26535.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f74cb783-f03a-4a04-974d-9316daef51ed
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1033903
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7/
Threat name:
Win32.Spyware.Nadrac
Create hunting rule
Status:
Malicious
First seen:
2022-07-16 07:40:19 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
19 of 26 (73.08%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=usf2nq2ep746qxevethevedxc426lsqjzel3ot6oe4xfxilr4wtq._file
Verdict:
malicious
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon discovery spyware stealer
Link:
https://tria.ge/reports/220716-thc6padfel/
Behaviour
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Unpacked files
SH256 hash:
41e8db6f4ce66cd99be1e8c4f62accc41ed5569d173a6347de09705b802ce26d
MD5 hash:
7ec774ef9463aab169514801686feda8
SHA1 hash:
4fe7d53da4da64d8643db72f7626981c85d06842
Link:
https://www.unpac.me/results/b7764ce7-04ea-4217-8dbd-e7c2353aa354/
SH256 hash:
a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7
MD5 hash:
065a30af4b949ed07c5c1761c7426f79
SHA1 hash:
a3c706e73d278d6124c70d8cd0392f6c47f2205f
Link:
https://www.unpac.me/results/b7764ce7-04ea-4217-8dbd-e7c2353aa354/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe a48ba6c3447ff9e85c9524ce4a90771735e5ca09c917b74fce272e5ba171e5a7

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2257971/
Cape
Cape
https://www.capesandbox.com/analysis/291239/

Comments


Avatar
zbet commented on 2022-07-16 16:02:40 UTC

url : hxxp://a0696124.xsph.ru/S22sSAads2_2.exe