MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b
SHA3-384 hash:	99122032596ee1734092b1da60a1a747a264de940de9971edf965a2b889f54d7cf6cfb8d6dc6711c1af655009ff9ad0c
SHA1 hash:	6f985ae67ac49691e9d710c3d6857d8fb8d5e846
MD5 hash:	50c9d1123fbcbec919b6e5c703c350cd
humanhash:	nineteen-golf-don-minnesota
File name:	50c9d1123fbcbec919b6e5c703c350cd.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	6'626'304 bytes
First seen:	2023-02-20 20:55:44 UTC
Last seen:	2023-02-20 22:31:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	161839a78ef6f07a30d3f07895f6fe23 (27 x RecordBreaker)
ssdeep	98304:QuOCe2GxkNJAULgF2qFZaR+UkojUNRhTV8w/9hZ+cqJ17Zo4DeibfGDu:QuJf7VYNnV4cqZmib
Threatray	599 similar samples on MalwareBazaar
TLSH	T1886623A396B42919E0D6CC3A4963FDF732B9033B6E80EC7A66CD25E13C554907F27582
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	88d4e0f8d4cc8e00 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://83.217.11.35/

Intelligence

File Origin

# of uploads :

# of downloads :

343

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

50c9d1123fbcbec919b6e5c703c350cd.exe

Verdict:

No threats detected

Analysis date:

2023-02-20 20:57:01 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3b0f2d1b-12ce-4b06-8473-a8f53ca6e5fc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/368526/

Detection(s):

SecuriteInfo.com.Variant.Lazy.295433.21829.16733.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/71882/overview

Behaviour

MalwareBazaar

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63f3de6442bf85850e3e5852/reports/b82f9166-f7a0-4fc5-93a1-e92fa28a5fee/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/b40e3d4b-b0b2-4e97-b982-713b7d8789e1

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

rans.troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1179462

Signature

Antivirus detection for dropped file

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious names

Found potential ransomware demand text

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b/

Threat name:

Win32.Trojan.Pwsx

Status:

Malicious

First seen:

2023-02-17 08:11:23 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 39 (48.72%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=zv7qox6fzkhpoa7xdxq5t4mv4apjunbtm2hquvejrngyr2uflb5q._file

Verdict:

malicious

RecordBreaker

2e557bd01d811580bda017fd1d1070d56d722e7d261474f2b404410f55ec1abc

RecordBreaker

37b90013b2b05efd0ff943fb6b3173bc802d5cc7eb0d24801ee5c298f30b5b3d

RecordBreaker

61944d63af0a88ab927fa3bfb88eadd93435c4a851c2010756819cfaa90acde1

RecordBreaker

75520762f93c99c79ebac6081437b0b1ebf7122b1bcc1942484ea5de8e06a1ea

RecordBreaker

77ed638394053fe4fef1486f85bac2423f392a1f5e523f9ddf3f5dec289868d8

RecordBreaker

84a04190d479e2cf0fd459258a4fd4fc4a5059f96c355172e2c230f0bd1e863b

RecordBreaker

a162a4a82e21300ea8634e03e4d7f4b186cff8b9c41e2e9c46ca0c72e97aeacb

RecordBreaker

b2f43a3821b25e1dae64b151314963fe4e3319c91f20c590198869f49b380446

RecordBreaker

+ 589 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:717609e6131226f92ce8ce08c34305be stealer

Link:

https://tria.ge/reports/230220-zqz83sec6t/

Behaviour

Suspicious behavior: EnumeratesProcesses

Raccoon

Malware Config

C2 Extraction:

http://83.217.11.35
http://83.217.11.34

Unpacked files

SH256 hash:

cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b

MD5 hash:

50c9d1123fbcbec919b6e5c703c350cd

SHA1 hash:

6f985ae67ac49691e9d710c3d6857d8fb8d5e846

Link:

https://www.unpac.me/results/c73e2380-28cf-42ed-b560-56f5ea031f82/

Malware family:

RecordBreaker

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/cd7f075fc5ca/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cd7f075fc5ca8ef703f71de1d9f195e01e9a3433668f0a54898b4d88ea85587b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/368526/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample