MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51
SHA3-384 hash:	31ff489a23fb50f6ac871e28ba6bb58e5db3f3eca6ded646979ec0e34b8a6e01b0d193dff9c3b138cd047f6b9469277c
SHA1 hash:	3dcea1172e97fd16cdbd5f617634a19a22febc10
MD5 hash:	4c8215f5fa1a70ccd5c5043ae9228820
humanhash:	texas-carolina-fruit-double
File name:	4c8215f5fa1a70ccd5c5043ae9228820.exe
Download:	download sample
Signature	RecordBreaker Alert Create hunting rule
File size:	278'528 bytes
First seen:	2023-06-24 13:20:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8577a8bca69eb3cc886ffba8fc991a9d (1 x RecordBreaker, 1 x ArkeiStealer, 1 x SystemBC)
ssdeep	3072:ar8UjmAxpNoCHG6e6z2SARkyEQzYPVl4AETDtWVnvPxHadPF221s+s33UNf21MyW:vUjjsCHG6Pg/dYL4AADtWnR6dt22h
Threatray	10 similar samples on MalwareBazaar
TLSH	T142441A73A2A27D52ED254B339E1EC6E87E1DFA638E1D3B65521CAE1F04B00B2C563711
TrID	37.3% (.EXE) Win64 Executable (generic) (10523/12/4) 17.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 16.0% (.EXE) Win32 Executable (generic) (4505/5/1) 7.3% (.ICL) Windows Icons Library (generic) (2059/9) 7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	016062484a426640 (1 x RecordBreaker)
Reporter	abuse_ch
Tags:	exe recordbreaker

abuse_ch

RecordBreaker C2:
http://5.161.202.109:8988/

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

344

Origin country :

NL

Vendor Threat Intelligence

ANY.RUN raccoon

Malware family:

raccoon

Alert

Create hunting rule

ID:

1

File name:

4c8215f5fa1a70ccd5c5043ae9228820.exe

Verdict:

Malicious activity

Analysis date:

2023-06-24 13:23:06 UTC

Tags:

raccoon recordbreaker trojan loader stealer

Link:

https://app.any.run/tasks/ff8a1913-6770-481f-8a26-8ab6cd140905

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/402473/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.CrypterX-gen.22739.19097.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending an HTTP POST request

Sending an HTTP GET request

Creating a file

Reading critical registry keys

Launching the default Windows debugger (dwwin.exe)

Stealing user critical data

FileScan.IO No Threat

Verdict:

No Threat

Threat level:

  2/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6496edbfee55f1e1b4b51ba6/reports/060b7f80-7880-4dd3-b57f-a2e7c55b4510/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Raccoon Stealer

Malware family:

Raccoon Stealer

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/613e6b58-ae8c-4dd0-b630-3df812ce1fc4

Joe Sandbox Raccoon Stealer v2

Result

Threat name:

Raccoon Stealer v2

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1260878

Signature

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking mutex)

Found malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses known network protocols on non-standard ports

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51/

ReversingLabs TitaniumCloud Win32.Spyware.Raccoonstealer

Threat name:

Win32.Spyware.Raccoonstealer

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-24 13:21:06 UTC

File Type:

PE (Exe)

Extracted files:

63

AV detection:

19 of 24 (79.17%)

Threat level:

  2/5

Spamhaus Hash Blocklist Malicious file

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4ra7o3zb6ysbg2td4ivah7rpgjtu2r7jq2ijcusowubxga7gbjiq._file

Threatray raccoon

Verdict:

malicious

Label(s):

raccoon

Alert

Create hunting rule

Similar samples:

0e4ab34f1a096c6157d10a7844a590044b94f67e6fa62f4ef577775c9da60cb8

RecordBreaker

66aba326f753f1d952e03cdae48806b64965572b400a9ad38da882d55515a2d5

RecordBreaker

8367690dbcabb0b6d7906f6c05b05109f286cea2683bdaefff93b04af8f10cbe

RecordBreaker

b5fed3d09a1c70a954e0faa46c3371a471f48a16ac3db95800f70d56e6e1a23f

RecordBreaker

b777ca54d5d8a17240013432313cdd8068ae03e04e97dbd8dc1f4268964a6526

RecordBreaker

c25b20c4ab2e5957feab51543819bb8778ffcd493128fa59c14587c17571f20a

RecordBreaker

c96bc659a9f882f78b018eb6af1abddb4a1ffe7f959f056450399c27b97f70c8

RecordBreaker

d8559130616dcb860a123fd7228fda07563e4623efc4cc186fba1a695d8c83a2

RecordBreaker

e11f3e5a187ddbb67ea48d2f9a97b088355ebccc5e3de9299c84a8d38b5b32a9

RecordBreaker

fd499f6e9aeec4927a0b4ef013123db28d6ec283845cf8b6632efd209f53d383

RecordBreaker

Hatching Triage raccoon

Result

Malware family:

raccoon

Alert

Create hunting rule

Score:

  10/10

Tags:

family:raccoon discovery spyware stealer

Link:

https://tria.ge/reports/230624-qlmyhsbd55/

Behaviour

Program crash

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Loads dropped DLL

Reads user/profile data of web browsers

Downloads MZ/PE file

Raccoon

Raccoon Stealer payload

UnpacMe 2

Unpacked files

SH256 hash:

6547af492b016e8d15c6df6f1a3bcfa9a760968aa0d3c3a856146a42be2fda67

MD5 hash:

62d60c342bdb76bd6d2945b1b431caf6

SHA1 hash:

0e3985b51cdbaa8f95ccc1807af118f4320f666d

Link:

https://www.unpac.me/results/6893b4a5-c2ef-48b4-a38b-13ddc7b9da6c/

SH256 hash:

e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51

MD5 hash:

4c8215f5fa1a70ccd5c5043ae9228820

SHA1 hash:

3dcea1172e97fd16cdbd5f617634a19a22febc10

Link:

https://www.unpac.me/results/6893b4a5-c2ef-48b4-a38b-13ddc7b9da6c/

VMRay RecordBreaker

Malware family:

RecordBreaker

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/e441f76f21f6/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e441f76f21f624136a63e22a03fe2f32674d47e9869091524eb5037303e60a51

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/402473/