MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105
SHA3-384 hash: 00e70c05167f719528f7b0d82ce903003194f9b0937306efa9b51b92ce25f6acb2cfe87c5f4062ef926bf839bfc0b4f5
SHA1 hash: 1945d8cee7295d01d186167f0485ed960407152b
MD5 hash: 38899b3bf42c61bc0f7e189cd7d0ba07
humanhash: california-thirteen-hydrogen-beer
File name:38899b3bf42c61bc0f7e189cd7d0ba07
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:1'126'912 bytes
First seen:2022-09-01 01:24:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1e33718404ffbe0d91b536c10bf053f8 (80 x RedLineStealer, 7 x RecordBreaker, 4 x N-W0rm)
ssdeep 24576:6D2n9SfxzNspPYLYG+1FO1TfMwudQcGzU881:s2Kxz6KX81
TLSH T11A353B39EB4625F4D6135771819EEB7B9B047A288022AE3FFF4BDA0CB4331167C85256
TrID 44.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
23.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.4% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe recordbreaker

Intelligence

File Origin
# of uploads :
1
# of downloads :
288
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/307038/
Detection(s):
Win.Spyware.Redlinestealer-9965192-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36242/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/63100a2cfbf1afa4927cdc31/reports/34966056-207e-4c7f-8b4b-c6aa6b91beab/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c58145d7-fd90-48b9-9ae5-026c4666f0d9
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1062222
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Writes to foreign memory regions
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-08-23 16:10:13 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3d2ks5fc2zompz7jhjcwrfxpx2ae3libdq7ixkfdxzyygtrgsecq._file
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:4c319cb108b8c325bc279b0d33bd04f4 stealer
Link:
https://tria.ge/reports/220901-bsehdseccm/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Raccoon
Malware Config
C2 Extraction:
http://213.252.244.230/
Unpacked files
SH256 hash:
d72b2ffcc7028c0f9dd8d7c995decef511bf126a3b91874b8169b5586824a963
MD5 hash:
3cb09621c91e41ebf15ab6a57cfe9e59
SHA1 hash:
69bdba59efa3beaa5e93cc90153b93d62849536f
Detections:
win_recordbreaker_auto
Create hunting rule
raccoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/068c49d5-e718-4eb6-a363-a9c6793ffa86/
Parent samples :
828979d543912cebcdfbc73bb80fb2744a8a2cb9a289915ec02df4b11c966338
d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105
SH256 hash:
d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105
MD5 hash:
38899b3bf42c61bc0f7e189cd7d0ba07
SHA1 hash:
1945d8cee7295d01d186167f0485ed960407152b
Link:
https://www.unpac.me/results/068c49d5-e718-4eb6-a363-a9c6793ffa86/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe d8f4a974a2d65cc7e7e93a456896efbe804dad011c3e8ba8a3be71834e269105

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2287375/
Cape
Cape
https://www.capesandbox.com/analysis/307038/

Comments


Avatar
zbet commented on 2022-09-01 01:24:03 UTC

url : hxxp://a0710963.xsph.ru/Calculator.exe