MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d67b76360660ba2c0fab5788a64023ca219c027d2c66f3d22418ccffcae78776. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	d67b76360660ba2c0fab5788a64023ca219c027d2c66f3d22418ccffcae78776
SHA3-384 hash:	0e6b89e48a61e7d455805c2cfbaabc5675af8d6f257d218e0b0d2128e912cd182763f71613e5ae4c60861221e8fea784
SHA1 hash:	6f9170ab9d03cec052013186b094bc08e1514481
MD5 hash:	cb89b2d8a71abc29e72e591e0d6ac865
humanhash:	butter-lactose-oven-stairway
File name:	file
Download:	download sample
Signature	RecordBreaker Create hunting rule
File size:	6'547'968 bytes
First seen:	2022-11-10 20:17:15 UTC
Last seen:	2022-11-11 07:19:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2f285ed6f05eae8b1321ad1b364e9c75 (19 x RecordBreaker, 2 x RaccoonStealer)
ssdeep	98304:IRPQqqRyNp82jTDhd+Uhefvnhn/kXS0DdSIH2HSUITGmzssafsujLp7vtDg:Iv02jP0fvnh89DfWH1ISmzO97a
Threatray	1'022 similar samples on MalwareBazaar
TLSH	T1F766236712DA1160E8E48C39D633FCA471FB1E2A4D81D879A0E7BEC73B369D5D252843
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	d4e8dcf0f24b4148 (1 x RecordBreaker)
Reporter	andretavare5
Tags:	exe recordbreaker

andretavare5

Sample downloaded from https://vk.com/doc760750097_655812667?hash=qqMhmtyhVmueWSYpxtUysDZa7mQhX2HlJZ3VYx0wmnz&dl=G43DANZVGAYDSNY:1668111093:LStBKZutDz6dPgi7RTlRFO1oRMUZzRKOFXuCIO7W1xo&api=1&no_preview=1#may2

Intelligence

File Origin

# of uploads :

256

# of downloads :

229

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-11-10 20:25:03 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5615c670-94f9-434e-b5f1-ffcaff362d8f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/332119/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.18186.30428.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/51084/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/636d5c7c7662ecf108399c1f/reports/081219f0-8dca-40d1-9a20-b7c034ed301c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/41cc28b9-6f83-4da2-8066-8551634448f7

Result

Threat name:

Raccoon Stealer v2

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1110766

Signature

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Tries to detect virtualization through RDTSC time measurements

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d67b76360660ba2c0fab5788a64023ca219c027d2c66f3d22418ccffcae78776/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-11-10 20:18:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 25 (56.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2z5xmnqgmc5cyd5lk6ekmqbdziqzyat5frtphureddgp7sxhq53a._file

Verdict:

malicious

Label(s):

raccoon

RecordBreaker

37af8d63e8e5adb5a5f30b471fe4e29f686c7923507583a21f46d3b2eb554f09

RecordBreaker

43b95532737d0ccc0b957d1ab3e6ba4310b4618eec3fa485736b8f0a35cb157c

RecordBreaker

4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229

RecordBreaker

774fa8863d2cb1747c338ef9023103d535715b30b6d5450a9ee146663d77c89b

RecordBreaker

d04f8915ee7e77951a370e770826926ba1667eab0c3a976152d29c0a6585e439

RecordBreaker

+ 1'012 additional samples on MalwareBazaar

Result

Malware family:

raccoon

Score:

10/10

Tags:

family:raccoon botnet:d2f643fdb867ca6beffc12549d6afb13 stealer

Link:

https://tria.ge/reports/221110-y29q8afedl/

Behaviour

Suspicious behavior: EnumeratesProcesses

Raccoon

Malware Config

C2 Extraction:

http://167.235.134.14/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/14b8f7ec-9bcb-4c27-abcb-c18a74250c6c

Unpacked files

SH256 hash:

d67b76360660ba2c0fab5788a64023ca219c027d2c66f3d22418ccffcae78776

MD5 hash:

cb89b2d8a71abc29e72e591e0d6ac865

SHA1 hash:

6f9170ab9d03cec052013186b094bc08e1514481

Link:

https://www.unpac.me/results/224cc9de-cecf-40a2-b38d-ee10e9c374df/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d67b76360660ba2c0fab5788a64023ca219c027d2c66f3d22418ccffcae78776

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/332119/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample