MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3
SHA3-384 hash: 9f03c9bee6f50ed7102a53c53ef8658daf634a0c76274d4a211ab5e556eef88c2c757d9c30a08d1983acfa4382214d99
SHA1 hash: 24b95a520e39f44911e59e7ed2c813509db3a015
MD5 hash: 1f10199eb033205b4090768d65241b31
humanhash: london-speaker-orange-butter
File name:1f10199eb033205b4090768d65241b31.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:324'096 bytes
First seen:2023-07-24 11:35:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4204b9f7d0ffdbe2928a3ddb092604a6 (3 x RedLineStealer, 2 x RecordBreaker, 1 x Tofsee)
ssdeep 3072:qmpLbXPLewf7Fdry+yonVxcvx3pq+HCcm6yetmU5WOTvCzS0Jkue:tLrLewfHm+r4x3pt3mde4382SL
Threatray 63 similar samples on MalwareBazaar
TLSH T16D649683C6A23D59E9278B769F2EC6E8F70DF2508F49777D1219BA2F04B0076D1A7610
TrID 37.3% (.EXE) Win64 Executable (generic) (10523/12/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
16.0% (.EXE) Win32 Executable (generic) (4505/5/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 0030c04010141000 (1 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://5.161.69.57:8088/

Intelligence

File Origin
# of uploads :
1
# of downloads :
332
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
1f10199eb033205b4090768d65241b31.exe
Verdict:
Malicious activity
Analysis date:
2023-07-24 11:38:16 UTC
Tags:
stealer raccoon recordbreaker raccoon_stealer
Link:
https://app.any.run/tasks/e393a9bc-28b7-46e0-8506-260a30fa31f4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/430662/
Detection(s):
Win.Packer.pkr_ce1a-9980177-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0c06b2e6-5566-4ae5-9664-da0a830929f6
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1278264
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking mutex)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3/
Threat name:
Win32.Ransomware.Stopcrypt
Create hunting rule
Status:
Malicious
First seen:
2023-07-21 10:17:18 UTC
File Type:
PE (Exe)
Extracted files:
72
AV detection:
28 of 38 (73.68%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbt5nxxcwh3qpx2qi36ft6pkv3wn45bdj2kjta5g7wil57vm3hrq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
0e9f4c905b8c70b93cc923e6c1105f67697f04f525b1cac73ec31101939018e8
RecordBreaker
2513cf6aa56a6fb9c84061ac04c8df3e225258638f9f0d40ce898a9096f93e9b
RecordBreaker
4b4e2cb90f19ec78d76ee50e62baf1d609efa74716f92cc1f42921716372553a
RecordBreaker
66aba326f753f1d952e03cdae48806b64965572b400a9ad38da882d55515a2d5
RecordBreaker
a040c35ef32cbe289d5bc2b8014adcb961ab3aed1e2873d1f2e335933e97927b
RecordBreaker
b5fed3d09a1c70a954e0faa46c3371a471f48a16ac3db95800f70d56e6e1a23f
RecordBreaker
c210be84d04a87aa2d1e84132b6632b5a7e5e0ee740efc5f1c11a63ac5f555f2
RecordBreaker
c25b20c4ab2e5957feab51543819bb8778ffcd493128fa59c14587c17571f20a
RecordBreaker
f47935627a5be41526be384d115b1f291d854063d0b31bee2c9c11dc65695438
RecordBreaker
+ 53 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:20f4a91c61f63af35df3e278591a8e70 stealer
Link:
https://tria.ge/reports/230724-nqj2bada9y/
Behaviour
Program crash
Raccoon
Raccoon Stealer payload
Malware Config
C2 Extraction:
http://5.161.69.57:8088/
Unpacked files
SH256 hash:
98d912de65e408dd00e0a34e62203640152540bc7ac32fe5c6ed67c451ae5b47
MD5 hash:
0d62b0bbebcc37a859183a6e1a6d0206
SHA1 hash:
3befaae69ae9bfca16b2f813a6d388321325425a
Detections:
raccoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/33c8d2f8-15ea-4746-8ae2-808339b95850/
SH256 hash:
b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3
MD5 hash:
1f10199eb033205b4090768d65241b31
SHA1 hash:
24b95a520e39f44911e59e7ed2c813509db3a015
Link:
https://www.unpac.me/results/33c8d2f8-15ea-4746-8ae2-808339b95850/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b067d6dee2b1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/430662/

Comments