MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4
SHA3-384 hash: 57ab352770de80ad98e1248ba75bd4c4612a0b33112d6bff53e3682815e0581bce1526ea4e39f17c398996314ba1917e
SHA1 hash: 18fdfad1afa31ca222451e656cb592df7eaaa60f
MD5 hash: 10520eef62249d90e78bb05ea7c67322
humanhash: nuts-cola-kitten-vegan
File name:10520eef62249d90e78bb05ea7c67322.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:90'126 bytes
First seen:2022-11-12 16:33:39 UTC
Last seen:2022-11-12 18:39:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e823b312ecb9f47bde2beaa16bfbd39 (1 x RecordBreaker)
ssdeep 1536:kkwsqJnYltZAV8m01IwWSDNHGV4tTl6Nh+qyFdGA2cTdrOoUBmKNeOe8V/m:kkwsqCltSV8kS5/2h+qUdUckoUBmQpev
Threatray 1'011 similar samples on MalwareBazaar
TLSH T14C93E003B9114541E95982F625B17B7A527FFA315F2842E3A3D0EA6D2E399C2BC3704F
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter abuse_ch
Tags:exe recordbreaker

Intelligence

File Origin
# of uploads :
2
# of downloads :
197
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
10520eef62249d90e78bb05ea7c67322.exe
Verdict:
Malicious activity
Analysis date:
2022-11-12 16:36:17 UTC
Tags:
trojan raccoon recordbreaker loader stealer
Link:
https://app.any.run/tasks/ea569aac-7744-48b1-a650-02802288525d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/332957/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.471.6973.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Сreating synchronization primitives
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Reading critical registry keys
Stealing user critical data
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/51720/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm overlay packed raccoon
Link:
https://www.filescan.io/uploads/636fcafc7662ecf10839e7c6/reports/5d3fa3b4-e1c8-426e-88f2-57abb441adac/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6e1accb5-78dc-49bf-abdd-45781034c372
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1111901
Signature
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-11-12 16:34:07 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ugxmeugo4rp74r6bo3bvyixwxh6n7eehyl4rq5e322bhaqbodca._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
142524d4152ef9eab917f159cc911cc968ee1fa6e27a0d5ba19bcea86e40a55f
RecordBreaker
336b80e664594044e7419504f02fc4fdcb5beb4751c858a3c051c155163186f0
RecordBreaker
508c885f4485d15fa5cf949ef900d14f16f763e702e2a45867d7192938529c30
RecordBreaker
554205366ff07e0fa59789cbf9ba72e1d1966d9d3d1889154408b9c0b4dbd861
RecordBreaker
70b5392192a57314e1c7793599439b518dbf2a0affcbd849cecf779063bd792a
RecordBreaker
98b71364c59171da0e9d98e40caec2ade8668da7389d63cb353124bcfd8ae925
RecordBreaker
b993ca2a752e9bd918f76db3cff5b987977821bd5874c3d867ad16d82156682f
RecordBreaker
ff764f0ab5f7a6c6fc5358a3bcc556e6d1e96fb80b9c2030f8f46b2d51ef241a
RecordBreaker
+ 1'001 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:dbffbdbc9786a5c270e6dd2d647e18ea discovery spyware stealer
Link:
https://tria.ge/reports/221112-t24sragf83/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Malware Config
C2 Extraction:
http://79.137.205.87/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/2ec27228-b05b-4900-9941-57a4afcd1200
Unpacked files
SH256 hash:
29787474ea7710dd00e6768e84975df759a9e06f78dc9d0f5dc18fe9d6a6a208
MD5 hash:
437af2d6e758c1e8f28d241c93a6d4d7
SHA1 hash:
aa3004e4de10ac2b5fe7ceb0d28a4c3e58457b57
Link:
https://www.unpac.me/results/67406eae-378d-4354-937e-4136970c8cb8/
SH256 hash:
e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4
MD5 hash:
10520eef62249d90e78bb05ea7c67322
SHA1 hash:
18fdfad1afa31ca222451e656cb592df7eaaa60f
Link:
https://www.unpac.me/results/67406eae-378d-4354-937e-4136970c8cb8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe e50d7612867722fff23e0bb61ae117b5cfe6fc843e17c8c3a4deb413820170c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2408840/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/332957/

Comments