MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b
SHA3-384 hash: 480ee298e3061917fceb2975ebfec2df1dd78eba89cda38502eaf76767d5863ef30aa93ed49f39108bbdbbccb7813de3
SHA1 hash: f684b8945603023195665519878bb04da5623181
MD5 hash: 7fd10ec76e8a107153675911c53bb528
humanhash: white-hydrogen-fourteen-london
File name:7fd10ec76e8a107153675911c53bb528.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:7'200'768 bytes
First seen:2022-08-07 13:15:31 UTC
Last seen:2022-08-07 13:49:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 937ca6cd69333a6430e6daf1950bd1fe (5 x RecordBreaker)
ssdeep 196608:Wm8L4BomvZ5w85heJ92bz30q/OQTWLkPerMd3ZHv+2FIBr:pG4BhZCIhQ2Mq/OQK8ZnWB
Threatray 634 similar samples on MalwareBazaar
TLSH T1417623A72570418EE9E9CC75CE3B7D7131F1176A95C29C3EA9EF3BC12463271A207A12
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon d4c4d4b292a2b2a2 (2 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://89.185.85.53/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://89.185.85.53/ https://threatfox.abuse.ch/ioc/841794/

Intelligence

File Origin
# of uploads :
2
# of downloads :
427
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7fd10ec76e8a107153675911c53bb528.exe
Verdict:
Suspicious activity
Analysis date:
2022-08-07 13:17:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f96eb162-947a-4998-aa59-ce2ac1966b33

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/296976/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.13365.8749.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28297/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/62efbb8d0d534e608171e307/reports/9b5f4aaa-7097-4965-8b75-a0b5b0b7d127/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f72d7044-3856-464a-9529-7c6d81ca3554
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1047511
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-08-07 13:16:17 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xmau5zw7gz5hknvvrbafri3quausndwfo3pfd4hcsqaucmedujnq._file
Verdict:
unknown
Similar samples:
3ed3b03c36265ddffd8382859b7545cec6955331f85907018adc4bacde22e70e
RecordBreaker
462d28d7f7f0ceb1a2e5f59f8dbf5f1650e4370a0edc8faccfad3ebac73baafc
RecordBreaker
5241bfe2b10e10c08c3ed731298b27dfd708be81460ad281dab3e6987e41712b
RecordBreaker
571de4698edff95c328d3521b11e800a3b9659ad55281dd7729b2ce2210ac931
RecordBreaker
5d2cccfe7a81853b04f8554ff93170a9f616dd63ac4cee69d86b0341b8419ca8
RecordBreaker
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
RecordBreaker
a98b37b337927ef6cea8a053a4ea676646de4dfbf6ce9619593246a1ecc362b6
RecordBreaker
e478b4ce3f8b8d0a2a6f88e5eee26e4f19528b55fa3dfe92258b5e08da8df2e0
RecordBreaker
+ 624 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:839b5f035af17fe32dbee0ca113be5fc stealer
Link:
https://tria.ge/reports/220807-qhsdtsdfd5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Raccoon
Raccoon Stealer payload
Malware Config
C2 Extraction:
http://89.185.85.53/
Unpacked files
SH256 hash:
1f853df42db0ccfbba17c405daa326be2e8dd72ba8e7eaf6161de9fbb50f6c13
MD5 hash:
948e6611d9cb2172c784a9aabde34b37
SHA1 hash:
9833fcc40f443d48dc3c9947ebd8a075f9f11627
Link:
https://www.unpac.me/results/bfb52eb7-d638-49bb-a7e1-6bcf6f753ae8/
SH256 hash:
bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b
MD5 hash:
7fd10ec76e8a107153675911c53bb528
SHA1 hash:
f684b8945603023195665519878bb04da5623181
Link:
https://www.unpac.me/results/bfb52eb7-d638-49bb-a7e1-6bcf6f753ae8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe bb014ee6df367a7536b5884058a370a029268ec576de51f0e29401413083a25b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2258178/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/296976/
  
URLhaus
https://urlhaus.abuse.ch/url/2258179/

Comments