MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 14

Intelligence 14 IOCs 1 YARA File information Comments

SHA256 hash:	d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439
SHA3-384 hash:	ba87213ce5d97059ea64709d445563a22181e2dac9519c82f3593d7d2aea729b7a9a9e8e1973d230a7f67ac38726a3b0
SHA1 hash:	a1823ce759cabf701254429891481240239b08ae
MD5 hash:	41c7544208354322af5473a2dd0a4ccf
humanhash:	kilo-march-spring-comet
File name:	41c7544208354322af5473a2dd0a4ccf.exe
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	11'910'237 bytes
First seen:	2022-10-10 21:20:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b5af53b96a03972def1a5f287c0c1d5c (23 x RecordBreaker, 8 x RaccoonStealer)
ssdeep	98304:fC6E1RXB89qnrj2Do7jNWhcP76ZLMXA3goSy+u27+QanfifflXx86RayUQWJ7:6639ihdWymaPo+u2R0fyXzG7
Threatray	651 similar samples on MalwareBazaar
TLSH	T100C612E7257401CAFAED49B1FD277C1032F33EA9C6C45179B8E976C029720A15A4FA4E
TrID	29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 22.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 20.3% (.EXE) Win32 Executable (generic) (4505/5/1) 9.1% (.EXE) OS/2 Executable (generic) (2029/13) 9.0% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	60dcd49ebaaabe00 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://77.73.133.1/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://77.73.133.1/	https://threatfox.abuse.ch/ioc/876972/

Intelligence

File Origin

# of uploads :

# of downloads :

302

Origin country :

n/a

Vendor Threat Intelligence

Detection:

RaccoonV2

Link:

https://www.capesandbox.com/analysis/318653/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file

Reading critical registry keys

Stealing user critical data

Sending an HTTP POST request to an infection source

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/42360/overview

Behaviour

MalwareBazaar

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

overlay packed racealer

Link:

https://www.filescan.io/uploads/63448cc629700e7ac65cb8ab/reports/43970037-7189-4881-9223-835064878de2/overview

Result

Verdict:

MALICIOUS

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/adba2fdf-0940-472a-9c03-8cc97a6d47f0

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1087264

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439/

Threat name:

Win32.Packed.Generic

Status:

Suspicious

First seen:

2022-10-06 20:36:59 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 26 (80.77%)

Threat level:

1/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=2bhysfpopz3zkgrxbz3qqjusnoqwm7vlbq5joyks2koauzmf4q4q._file

Verdict:

malicious

Label(s):

raccoon

RecordBreaker

43b95532737d0ccc0b957d1ab3e6ba4310b4618eec3fa485736b8f0a35cb157c

RecordBreaker

4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229

RecordBreaker

774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b

RecordBreaker

81ae7aea498cdd4d50470b3dcd54088d7bce5bf5f6019b08d9d558acd190cb4d

RecordBreaker

a3605eee1c54709d3a2cbc363d024e07c2e65d5cc080ff77a243920f8033f451

RecordBreaker

+ 641 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:9d1e4355c2f2db3d7a690c4ac83e7372 discovery spyware stealer

Link:

https://tria.ge/reports/221010-z7a1hsdcc4/

Behaviour

Suspicious behavior: EnumeratesProcesses

Enumerates physical storage devices

Suspicious use of NtSetInformationThreadHideFromDebugger

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Loads dropped DLL

Reads user/profile data of web browsers

Downloads MZ/PE file

Raccoon

Malware Config

C2 Extraction:

http://77.73.133.1/

Unpacked files

SH256 hash:

c5182a43be15a8c8b6444ce432539fbe79ae01b75bac04d214946b5fe000656c

MD5 hash:

a1480d49e5dd2cec86bbc06f8a7a9f27

SHA1 hash:

0c2db5c26f768cfece7ec402ae624f95857481cb

Detections:

raccoonstealer

Link:

https://www.unpac.me/results/de8289a0-c5cf-4630-8bee-e9a2bf554ac2/

SH256 hash:

d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439

MD5 hash:

41c7544208354322af5473a2dd0a4ccf

SHA1 hash:

a1823ce759cabf701254429891481240239b08ae

Link:

https://www.unpac.me/results/de8289a0-c5cf-4630-8bee-e9a2bf554ac2/

Malware family:

RecordBreaker

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/d04f8915ee7e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/318653/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample