MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RecordBreaker


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a
SHA3-384 hash: 8a47b7ec16a422499f12ec02a489ed721cc4c69cfb12f4344c15b719bf96c63e759a13153bdde6640136afdba4dbe326
SHA1 hash: 677c63e800af71b7c2ddad83590cacf06769688f
MD5 hash: 097d8371eea941a8f7191509d8dc1b69
humanhash: cat-alabama-island-wyoming
File name:e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ec.exe
Download: download sample
Signature RecordBreaker
Create hunting rule
File size:189'952 bytes
First seen:2023-03-15 11:45:18 UTC
Last seen:2023-03-15 13:38:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c5cca9d2a82fe533fcc4c2209568ef92 (1 x Smoke Loader, 1 x AuroraStealer, 1 x RedLineStealer)
ssdeep 3072:+ayvk9/spC5Bi4Fu7tshA0DBqPzDoymAtpO:wvkGpC5Er2qbKAtp
Threatray 10 similar samples on MalwareBazaar
TLSH T1B0045D0382E17F65E5254B328E2FE6F9760DF5508E58FB762218AA1F04B13B1DA633D1
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 916a6e6e6a6a6a60 (2 x RedLineStealer, 1 x Rhadamanthys, 1 x RecordBreaker)
Reporter abuse_ch
Tags:exe recordbreaker


Avatar
abuse_ch
RecordBreaker C2:
http://45.144.31.31/

Intelligence

File Origin
# of uploads :
2
# of downloads :
258
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ec.exe
Verdict:
Malicious activity
Analysis date:
2023-03-15 11:49:25 UTC
Tags:
raccoon recordbreaker trojan loader stealer
Link:
https://app.any.run/tasks/fb27cfe0-080a-4034-aab6-4c3f5fe0f1ed

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/374528/
Detection(s):
SecuriteInfo.com.Variant.Jaik.129274.18503.16332.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Verdict:
No Threat
Threat level:
  2/10
Confidence:
80%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6411affd06c49bd8b6b5f036/reports/b87102d0-cc86-4e4a-83ab-a44382ee01b2/overview
Verdict:
Malicious
Labled as:
Jaik.Generic
Link:
https://www.hybrid-analysis.com/sample/e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raccoon Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fd220c61-bee0-4a40-913a-829904ed698f
Result
Threat name:
Raccoon Stealer v2
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1194085
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found potential ransomware demand text
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Raccoon Stealer v2
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a/
Threat name:
Win32.Trojan.SmokeLoader
Create hunting rule
Status:
Malicious
First seen:
2023-03-14 23:32:58 UTC
File Type:
PE (Exe)
Extracted files:
37
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=47m4buw5r636ujwrfo2ox37vtb7nkxva7ypm6hkynzgfpok4jb5a._file
Verdict:
malicious
Similar samples:
23e6ee7b25d1b4dd70cb7658550f8f6d87cb39eba9a57de83aaac4472bac28f8
RecordBreaker
52596eef822fc2232f338a67a88f8c8b8d2fecd04183301541dfd6a79266fba9
RecordBreaker
70ebead6ea8cac65cb1fccb593f7751c6f9ca56333a828d7ce1f9b5c4e23f47a
RecordBreaker
780f69204b13c16f065253cb07609c9671711a9a1695ff4afde1c6c22601863c
RecordBreaker
78535b328b16f6a83d951ee83003913feee0e167e45ccac4760c81e8217fb876
RecordBreaker
be6f2d0e8bc44799f04488d565b3550008ba754233217b3f7b3a6b92c0840caa
RecordBreaker
d64f8f88ebc713a396315b15ff8a0707a405fe67717aa74679f4a71f34a4162d
RecordBreaker
e1fd2d534eed837ebb0fb3b0f25732dadaf4bfd95de92b6c44935d624d991dab
RecordBreaker
e69312127d70accf9e2c20606b600b566507ae679e1b910341403a07eb57d881
RecordBreaker
e9af7f0df0759fc3dd61d34f0db78c556bb1d35df28cd683b0fddc296a8e3146
RecordBreaker
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230315-nxbcrafa5x/
Behaviour
Program crash
Unpacked files
SH256 hash:
01093b5413b099683a10f982b70e8621d59fcd73c42ed4a24f68e15a8aec1cbb
MD5 hash:
1ae9dd23c35b9bc666c6d1da6a9a050c
SHA1 hash:
ee2b202cf570b5928bb832bf7feebad2bff555e8
Link:
https://www.unpac.me/results/91a43474-8b0b-4ade-abe9-e7750fd22fe3/
SH256 hash:
e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a
MD5 hash:
097d8371eea941a8f7191509d8dc1b69
SHA1 hash:
677c63e800af71b7c2ddad83590cacf06769688f
Link:
https://www.unpac.me/results/91a43474-8b0b-4ade-abe9-e7750fd22fe3/
Malware family:
RecordBreaker
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e7d9c0d2dd8f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

Executable exe e7d9c0d2dd8fb7ea26d12bb4ebeff5987ed55ea0fe1ecf1d586e4c57b95c487a

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/374528/
  
URLhaus
https://urlhaus.abuse.ch/url/2572446/
  
Delivery method
Distributed via web download

Comments