MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 14


Intelligence 14 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59
SHA3-384 hash: f8ad42e827b63be738a3bbecf211303b6282f9f7bb349126a35e8785b51b5e2de8aa92749d94188962d95981e10b8782
SHA1 hash: 7839c60ee4f321642bd8825174d3d47a7facffe4
MD5 hash: 46c9b2dbb45bb0152c48b7477d827d62
humanhash: ack-wisconsin-quiet-nebraska
File name:46c9b2dbb45bb0152c48b7477d827d62.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:7'052'288 bytes
First seen:2022-10-10 22:20:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b5af53b96a03972def1a5f287c0c1d5c (23 x RecordBreaker, 8 x RaccoonStealer)
ssdeep 196608:y7L5ixho0BciFKHYqsv1GVnULP7Y76GQoSvifo8:A8BypAv1enK7Y2G9YiA8
Threatray 645 similar samples on MalwareBazaar
TLSH T10A662373612051D5D8BADA79E92FBEFC3BF31B3A451164B4B8EBB9C610219E1D027603
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon cc92b2b2b296e4e0 (1 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://45.67.35.251/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://45.67.35.251/ https://threatfox.abuse.ch/ioc/876989/

Intelligence

File Origin
# of uploads :
1
# of downloads :
306
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RaccoonV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/318663/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Creating a window
Stealing user critical data
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/42369/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed racealer
Link:
https://www.filescan.io/uploads/63449ad081eef2a234c4bd83/reports/0eea6fb4-ce89-49ca-9e11-726e450c23af/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7cb363cc-2e02-474b-8a36-6ad5454a9bcb
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1087311
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-10-06 17:09:43 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
21 of 26 (80.77%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=46ljxmc45vxyixq6isw66annckokxsup75yck3znxtq2ao3ljzmq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
071b6a97e9931097875ebcb7e58d0248ceba48243ce7caa29316b4f4198c7a1f
RecordBreaker
12ee887170eb077553cfb8ab8952c4af4508bbaffcd60f0b84762399dda49878
RecordBreaker
1617243bf260c15ffcb501df0b05d89af6f0590d1e779be89a53e56823f6e8b7
RecordBreaker
4ec69d6a18974df6344363827ce77bb9e5eee5bf5082f71698f134c91c9a6138
RecordBreaker
52697c1d25cb64b2939de7e887832f30927fc597074cc93f274daec609ff08e3
RecordBreaker
754d637166838352780c8e0e611a21f4886f98a82cca0c8a32bf1df3e3c35f1f
RecordBreaker
86c18ece485bd831afd99d3306c5a7944d34f3b36974458d390a76d7280d416b
RecordBreaker
ba9b4ed1a5f1e4f658430f393969f1b6a602c5534d745ad3f12fae35cf2a64d1
RecordBreaker
+ 635 additional samples on MalwareBazaar
Result
Malware family:
raccoon
Create hunting rule
Score:
  10/10
Tags:
family:raccoon botnet:e10a3ab78165c8b55a0e79cd632b9439 discovery spyware stealer
Link:
https://tria.ge/reports/221010-19myjadfgn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Raccoon
Malware Config
C2 Extraction:
http://45.67.35.251/
Unpacked files
SH256 hash:
6f0f59391b5e4b485543945b7b38f09cd719506c1320e3d5e8e2923a53c2a78f
MD5 hash:
569fcfbb505862c819486ee6f43e7458
SHA1 hash:
531c241d1612f5bde6dd3f868ab6dd9ee0389063
Detections:
raccoonstealer
Create hunting rule
Link:
https://www.unpac.me/results/2f944664-ba5d-4555-b086-ac7ff26dd6ec/
SH256 hash:
e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59
MD5 hash:
46c9b2dbb45bb0152c48b7477d827d62
SHA1 hash:
7839c60ee4f321642bd8825174d3d47a7facffe4
Link:
https://www.unpac.me/results/2f944664-ba5d-4555-b086-ac7ff26dd6ec/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e7969bb05ced/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e7969bb05ced6f845e1e44adef01ad129cabca8fff70256f2dbce1a03b6b4e59

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/318663/

Comments