MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b
SHA3-384 hash:	5101fc30d5ab6c494c96c53989641d7e7e173021b53cea65dc18f5abf3e60b7d906e6fa78d4c3dbe808e3982b16666fb
SHA1 hash:	abc835b8f0f8221a0e33d865dd835cd977871fe2
MD5 hash:	2ec6998e44b876f0ca2fb3549beac604
humanhash:	india-three-leopard-california
File name:	SoftLauncher.exe
Download:	download sample
Signature	RecordBreaker Alert Create hunting rule
File size:	10'889'216 bytes
First seen:	2023-03-08 21:47:39 UTC
Last seen:	2023-03-08 23:32:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ba71c93bfaf8a292238017b3a884ad39 (2 x RecordBreaker)
ssdeep	196608:7PhkYgO15K74eiFh2I0x68+3fsXoMZLO2hZ1IWWrG9N0/a5pf0fzXgt9L:75k1l8TfsXxnhZWWW69yy5psfzAL
Threatray	679 similar samples on MalwareBazaar
TLSH	T10BB622673E2C8005D04548318D6F7EA42B762F57B680622523B3BDCBDEFA790B51EB52
TrID	37.3% (.EXE) Win64 Executable (generic) (10523/12/4) 17.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 16.0% (.EXE) Win32 Executable (generic) (4505/5/1) 7.3% (.ICL) Windows Icons Library (generic) (2059/9) 7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	786c64ecc2e8e4c0 (1 x RecordBreaker)
Reporter	tech_skeech
Tags:	exe recordbreaker

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

309

Origin country :

RO

Vendor Threat Intelligence

ANY.RUN raccoon

Malware family:

raccoon

Alert

Create hunting rule

ID:

1

File name:

SoftLauncher.exe

Verdict:

Malicious activity

Analysis date:

2023-03-08 21:50:30 UTC

Tags:

raccoon recordbreaker trojan loader stealer

Link:

https://app.any.run/tasks/9fcd5f70-3425-4243-ab00-c61331d9acd3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/372789/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Variant.Lazy.294012.17358.6224.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending a custom TCP request

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

67%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/64090294aa9d4ecc35bc4284/reports/94579c5e-8978-4d4a-8ef4-412875357a17/overview

Hybrid Analysis Lazy.Generic

Verdict:

Malicious

Labled as:

Lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/543773a3-9fe4-449b-a399-f5812f733491

Joe Sandbox Laplas Clipper, Raccoon Stealer v2

Result

Threat name:

Laplas Clipper, Raccoon Stealer v2

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1189842

Signature

Antivirus detection for dropped file

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Snort IDS alert for network traffic

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Yara detected Laplas Clipper

Yara detected Raccoon Stealer v2

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b/

ReversingLabs TitaniumCloud Win32.Spyware.Raccoonstealer

Threat name:

Win32.Spyware.Raccoonstealer

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-03-08 22:06:38 UTC

File Type:

PE (Exe)

Extracted files:

18

AV detection:

20 of 24 (83.33%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5dkpux43jq2bsmug3lrkqdbyz7tv4v4ufskfj3u4vcmac7vldv5q._file

Threatray malicious

Verdict:

malicious

Similar samples:

25139b1e194865c93db98514375b74971e11a690d53b6030014830d019458313

RecordBreaker

3427583e84dda3d92aab9f9b9050d7cfe9bcb43094acc08f02f0166f310702cc

RecordBreaker

67dd0268cb9b122574629662f97f6d56ffca8e7d478f38be141ac02131708730

RecordBreaker

89e18340e51790ee07e1c6845a93f737ef6be8470e5a1158aef24539658eb235

RecordBreaker

9f6b69057e19a7fd08aab0b2df861a65337207dcfac2d6fbd0d1c0a2b75670e7

RecordBreaker

c3ac86b3dfaed540a466f230e12c3f12c56e10755b6d5d195001ca5523d80fa4

RecordBreaker

d78277798307b83a9a1c0d695abec585b290fe1fe69556f62e6bec7e1ba37e26

RecordBreaker

d80111cba6cb72d44025721523aaf389f6da96751582caa79cc4bb52287008aa

RecordBreaker

e7924441cf355557372d5d058eeb30341f9bb4be80f54449ea66b288d183b928

RecordBreaker

f3d62ca6b2dfd77bd362dc1f4ec6e99bb43302e82583e6e8dce38df9ea1f6fe5

RecordBreaker

+ 669 additional samples on MalwareBazaar

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  1/10

Tags:

n/a

Link:

https://tria.ge/reports/230308-1nrplagc3s/

Behaviour

Suspicious behavior: EnumeratesProcesses

UnpacMe 2

Unpacked files

SH256 hash:

61be827222cd74886e72381b93ad5fd496f7eea5cec85b368f209fcb7ae6c6d0

MD5 hash:

b689f99d8bafd128033a0e7111994b86

SHA1 hash:

836ab69a2c153ca3d3d66b809f657f40cc70c79d

Link:

https://www.unpac.me/results/8bc4432f-082b-4015-a79a-d6dc82645b55/

SH256 hash:

e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b

MD5 hash:

2ec6998e44b876f0ca2fb3549beac604

SHA1 hash:

abc835b8f0f8221a0e33d865dd835cd977871fe2

Link:

https://www.unpac.me/results/8bc4432f-082b-4015-a79a-d6dc82645b55/

VMRay RecordBreaker

Malware family:

RecordBreaker

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/e8d4fa5f9b4c/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RecordBreaker

exe e8d4fa5f9b4c34193286dae2a80c38cfe75e57942c9454ee9ca898017eab1d7b

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/372789/