MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd189281ff76fef82189e4db73599520105fcddcecaa1ca772461c55960228db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RecordBreaker

Vendor detections: 16

SHA256 hash: dd189281ff76fef82189e4db73599520105fcddcecaa1ca772461c55960228db
SHA3-384 hash: 5391b2f163754f70fa5169a5787767d40dd3de0e5ce0c9bb88091397cf7def18ebd6b3e90625996367c8b3e135d287ea
SHA1 hash: 36dfacb12b6dc85fa8150de9d9a2e31374061722
MD5 hash: fc5c74b829172d86048c8e7f95d49530
humanhash: happy-arizona-oklahoma-bravo
File name: fc5c74b829172d86048c8e7f95d49530.exe
Signature: RecordBreaker
File size: 614'400 bytes
First seen: 2022-08-27 15:19:41 UTC
Last seen: 2022-08-27 15:51:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2d85dfc52917395287eabc5169ceb988 (3 x RecordBreaker)
ssdeep: 12288:MjiNWSEaZ/ygfMlruZ/ZPv3rS4O/Z3X6tFlPA7G:Mj2v1crE/h7SGFlPA7
Threatray: 368 similar samples on MalwareBazaar
TLSH: T119D48D26B1F08733D17B163D8D7BA7BC983A7D412E28984A7BF41D4C4E3A641742A397
TrID: 68.5% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
      27.0% (.EXE) Win32 Executable Borland Delphi 6 (262638/61)
      1.4% (.EXE) Win32 Executable Delphi generic (14182/79/4)
      1.3% (.SCR) Windows screen saver (13101/52/3)
      0.4% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: abuse_ch
Tags: exe recordbreaker

Intelligence

File Origin
# of uploads: 2
# of downloads: 268
Origin country: n/a

Vendor Threat Intelligence
Malware family: raccoon
ID: 1
File name: fc5c74b829172d86048c8e7f95d49530.exe
Verdict: Malicious activity
Analysis date: 2022-08-27 15:24:55 UTC
Tags: trojan raccoon recordbreaker loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour
Creating synchronization primitives
Creating a window
Searching for synchronization primitives
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: greyware keylogger

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Raccoon Stealer
Verdict: Malicious

Result
Threat name: CryptOne, Raccoon Stealer v2
Detection: malicious
Classification: troj.evad
Score: 88 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Yara detected CryptOne packer
Yara detected Raccoon Stealer v2
Behaviour
Threat name: Win32.Trojan.RaccoonSteal
Status: Malicious
First seen: 2022-08-27 15:20:09 UTC
File Type: PE (Exe)
Extracted files: 38
AV detection: 18 of 26 (69.23%)
Threat level: 5/5

Result
Malware family: raccoon
Score: 10/10
Tags: family:raccoon botnet:afb5c633c4650f69312baef49db9dfa4 stealer
Behaviour
Downloads MZ/PE file
Raccoon
Malware Config
C2 Extraction: http://193.56.146.177

Unpacked files
SHA256 hash: 494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab
MD5 hash: 7a2bee524416775d2d9fe309502a1cc3
SHA1 hash: 7fcfc20753c394a6d0cdf65463462581cf4cbde5
Detections: win_recordbreaker_auto

Parent samples:
SHA256 hash: dd189281ff76fef82189e4db73599520105fcddcecaa1ca772461c55960228db
MD5 hash: fc5c74b829172d86048c8e7f95d49530
SHA1 hash: 36dfacb12b6dc85fa8150de9d9a2e31374061722
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RecordBreaker
Executable exe dd189281ff76fef82189e4db73599520105fcddcecaa1ca772461c55960228db (this sample)

Delivery method
Distributed via web download